PT-2019-2568 · Abb · Abb Idal Ftp Server

Eldar Marcussen · Published 2019-06-13 · Updated 2022-12-01 · CVE-2019-7230

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABB IDAL FTP server (affected versions not specified)

Description

The server mishandles format string specifiers in the username supplied during authentication. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. A remote attacker could potentially execute arbitrary code by sending a specially crafted request containing such a username.

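
The weakness class described above, shown as an added example (not the vendor's code and not part of the original advisory): a hardened log call that treats the username as data, plus a check that counts printf conversion specifications in a username for input validation or log review. The function names `log_login_attempt` and `count_format_specs` and the log message text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical log helper; the server's real logging code is not public.
 * VULNERABLE pattern (shown only as a comment): the username is the format
 *     snprintf(out, n, username);
 * so "%08x" makes printf read stack words and "%s" dereferences one. */

/* Hardened form: constant format string, username passed as data. */
int log_login_attempt(char *out, size_t n, const char *username)
{
    return snprintf(out, n, "USER login attempt: %s", username);
}

/* Detection helper: count printf conversion specifications in a username.
 * "%%" is a literal percent sign and is not counted. */
int count_format_specs(const char *s)
{
    int count = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }
        /* skip flags, width, precision and length modifiers */
        s += strspn(s, "-+ #0123456789.*hlLqjzt");
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            s++;
        }
    }
    return count;
}

int main(void)
{
    /* Usernames quoted in the advisory, plus one constructed benign name. */
    const char *samples[] = { "%s%p%x%d", "%08x.AAAA.%08x.%08x", "operator" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_login_attempt(line, sizeof line, samples[i]);
        printf("%s  [specs=%d]\n", line, count_format_specs(samples[i]));
    }
    return 0;
}
```

With the constant format string, the specifiers are written to the log verbatim instead of being interpreted, and a non-zero count from the check is a reason to reject or flag the login attempt.
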
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

BDU:2019-02436
CVE-2019-7230

Affected Products

Abb Idal Ftp Server