PT-2019-4282 · Abb · Abb Power Generation Information Manager+1

Published

2019-11-25

Updated

2021-10-29

CVE-2019-18250

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ABB Power Generation Information Manager (PGIM) and Plant Connect (affected versions not specified)

Description The issue is related to insufficient protection of registration data, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. This can be exploited by an attacker to gain unauthorized access to the device's account data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass Using an Alternate Path or Channel

Insufficiently Protected Credentials

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-522CWE-287

Related Identifiers

BDU:2019-04889

CVE-2019-18250

Affected Products

Abb Power Generation Information Manager

Plant Connect

PT-2019-4282 · Abb · Abb Power Generation Information Manager+1

CVE-2019-18250

Weakness Enumeration

Related Identifiers

Affected Products

References · 5