PT-2019-2563 · Abb · Cp635-Web+15

Published: 2019-06-05 · Updated: 2023-05-16 · CVE-2019-7225

CVSS v3.1: 8.8 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABB CP620 versions 1SAP520100R0001 through 1SAP520100R4001
ABB CP620-WEB version 1SAP520200R0001
ABB CP630 version 1SAP530100R0001
ABB CP630-WEB version 1SAP530200R0001
ABB CP635 versions 1SAP535100R0001 through 1SAP535100R5001
ABB CP635-B version 1SAP535100R2001
ABB CP635-WEB version 1SAP535200R0001
ABB CP651 version 1SAP551100R0001
ABB CP651-WEB version 1SAP551200R0001
ABB CP661 version 1SAP561100R0001
ABB CP661-WEB version 1SAP561200R0001
ABB CP665 version 1SAP565100R0001
ABB CP665-WEB version 1SAP565200R0001
ABB CP676 version 1SAP576100R0001
ABB CP676-WEB version 1SAP576200R0001
ABB Panel Builder 600 version SAP500900R0101

Description

ABB HMI components contain embedded (hardcoded) credentials, including the IdalMaster account with password idal123 and the exor account with password exor. These credentials are transmitted using HTTPS and FTP protocols. An attacker can use them to gain read and write access to HMI configuration files or to reset the device.

Recommendations

For ABB CP620 versions 1SAP520100R0001 through 1SAP520100R4001, consider disabling the IdalMaster and exor accounts until a patch is available.
For ABB CP620-WEB version 1SAP520200R0001, restrict access to the FTP server and HTTP server to minimize the risk of exploitation.
For ABB CP630 version 1SAP530100R0001, avoid using the IdalMaster and exor accounts for configuration and maintenance tasks.
For ABB CP635 versions 1SAP535100R0001 through 1SAP535100R5001, disable the IDAL FTP server and IDAL HTTP server to prevent unauthorized access.
For ABB Panel Builder 600 version SAP500900R0101, consider implementing additional security measures to protect the provisioning tool from unauthorized access.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2019-02431
CVE-2019-7225

Affected Products

Cp620
Cp620-Web
Cp630
Cp630-Web
Cp635
Cp635-B
Cp635-Web
Cp651
Cp651-Web
Cp661
Cp661-Web
Cp665
Cp665-Web
Cp676
Cp676-Web
Panel Builder 600