PT-2019-2570 · ABB · ABB IDAL FTP Server
Published 2019-06-13 · Updated 2022-12-01 · CVE-2019-7232
CVSS v3.1: 8.8 (High)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ABB IDAL HTTP server version SAP500900R0101
Description
The ABB IDAL HTTP server copies the value of the Host request header into a fixed-size buffer without checking its length. An unauthenticated attacker who can reach the server sends a request whose Host header value is 2047 bytes or more; the copy overruns the buffer and overwrites a Structured Exception Handler (SEH) record on the stack. When the corrupted frame later raises an exception, the overwritten handler address is the one that gets called, so the attacker controls where execution goes and can run arbitrary code on the server. The vector above rates the issue as exploitable from an adjacent network with no authentication and no user interaction, with full loss of confidentiality, integrity and availability.
Recommendations
No version of the ABB IDAL HTTP server (SAP500900R0101) containing a fix is known at the time of writing. Until ABB provides a patch, treat the HTTP server as exposed and reduce who can reach it: the attack vector is adjacent-network, so keep the host on a segmented management network and firewall access to the port the IDAL HTTP server listens on so that only the administrative stations that need it can connect. If the HTTP interface is not required, disable it. Where it must stay reachable, put a filtering reverse proxy or IPS in front of it that rejects requests whose Host header is longer than a sane limit (well under 2047 bytes) before they reach the server, and alert on any such request, since a legitimate client never sends one. The length check has to sit in front of the server; the attacker chooses the header, so nothing your own clients do changes the exposure.
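The pattern the description and the recommendation both turn on, shown as an added C example that is not code from this page or from ABB: a request parser that copies the Host value into a fixed-size stack buffer with no bound (the vulnerable shape) beside one that rejects an oversized value before copying (the fix, and the same rule a filtering proxy in front of the server should enforce). The buffer size of 2047 is an assumption chosen so that a 2047-byte value is the first that no longer fits with its terminator, matching the threshold on the page; the real server's buffer size is not stated. The request bytes are constructed for the example. Nothing here feeds an oversized value to the vulnerable handler; it exists only to make the defect visible next to the fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Assumed size of the stack buffer that receives the Host value. Chosen so
 * that a 2047-byte value (plus its terminator) is the first that overflows,
 * matching the page's threshold; the real server's size is not on the page. */
#define HOST_BUF 2047

/* Find the value of the Host header in a raw HTTP request.
 * Returns a pointer to the first byte of the value and stores its length,
 * or NULL if there is no Host header. Does not copy anything. */
static const char *find_host(const char *req, size_t *len)
{
    const char *line = strstr(req, "\r\n");     /* skip the request line */
    if (line == NULL)
        return NULL;
    line += 2;
    while (*line != '\0' && !(line[0] == '\r' && line[1] == '\n')) {
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL)
            eol = line + strlen(line);
        if (strncasecmp(line, "Host:", 5) == 0) {
            const char *v = line + 5;
            while (v < eol && (*v == ' ' || *v == '\t'))
                v++;
            *len = (size_t)(eol - v);
            return v;
        }
        if (*eol == '\0')
            break;
        line = eol + 2;
    }
    return NULL;
}

/* Vulnerable pattern: the value is copied into a fixed stack buffer with no
 * bound check. A value of HOST_BUF bytes or more runs past the buffer into
 * whatever follows it on the stack; on Windows that includes the SEH chain,
 * which is what the advisory describes. Never call with untrusted input. */
int handle_host_vulnerable(const char *req)
{
    char host[HOST_BUF];
    size_t n;
    const char *v = find_host(req, &n);
    if (v == NULL)
        return -1;
    memcpy(host, v, n);          /* overflow when n >= HOST_BUF */
    host[n] = '\0';
    return (int)strlen(host);
}

/* Hardened form: enforce the bound before any copy happens and reject the
 * request (a real server would answer 400) instead of truncating silently.
 * A reverse proxy or IPS in front of the server applies the same test. */
int handle_host_hardened(const char *req)
{
    char host[HOST_BUF];
    size_t n;
    const char *v = find_host(req, &n);
    if (v == NULL)
        return -1;
    if (n >= HOST_BUF)
        return -2;               /* value plus terminator would not fit */
    memcpy(host, v, n);
    host[n] = '\0';
    return (int)strlen(host);
}

/* Build a constructed request whose Host value is host_len bytes of 'A' and
 * run it through the given handler. Lets the boundary be checked without
 * ever handing an oversized value to the vulnerable handler. */
int result_for_host_len(size_t host_len, int (*handler)(const char *))
{
    char *req = malloc(host_len + 64);
    int r;
    if (req == NULL)
        return -1;
    strcpy(req, "GET / HTTP/1.1\r\nHost: ");        /* 22 bytes */
    memset(req + 22, 'A', host_len);
    strcpy(req + 22 + host_len, "\r\nUser-Agent: x\r\n\r\n");
    r = handler(req);
    free(req);
    return r;
}

int main(void)
{
    printf("24-byte Host   -> %d\n", result_for_host_len(24, handle_host_hardened));
    printf("2046-byte Host -> %d\n", result_for_host_len(2046, handle_host_hardened));
    printf("2047-byte Host -> %d\n", result_for_host_len(2047, handle_host_hardened));
    return 0;
}
```

The only difference between the two handlers is the `n >= HOST_BUF` test before the copy; that single comparison is the whole fix, and a proxy rule that drops requests with a Host header at or above the same length is the equivalent control when the server itself cannot be changed.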
Exploit
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
ABB IDAL FTP Server