PT-2019-9700 · Abb · Abb Cp400 Panel Builder+1

Ivan Sanchez

Published

2019-02-13

Updated

2019-10-09

CVE-2018-19008

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ABB CP400 Panel Builder versions 2.0.7.05 and earlier

Description The issue concerns a vulnerability in the file parser of the TextEditor 2.0, where the application fails to properly prevent the insertion of specially crafted files. This could potentially allow arbitrary code execution.

Recommendations For ABB CP400 Panel Builder versions 2.0.7.05 and earlier, consider disabling the TextEditor 2.0 until a patch is available to prevent the insertion of specially crafted files.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-19008

Affected Products

Abb Cp400 Panel Builder

Ktexteditor

PT-2019-9700 · Abb · Abb Cp400 Panel Builder+1

CVE-2018-19008

Weakness Enumeration

Related Identifiers

Affected Products

References · 4