Sign-up

ID

VAR-201603-0045


CVE

CVE-2016-2281


TITLE

ABB Panel Builder 800 Vulnerable to gaining privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-001815

DESCRIPTION

Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL You may be able to gain permissions via. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system. ABB Panel Builder fails to properly handle DLL files, allowing an attacker to inject and execute arbitrary code with a DLL that does not specify an absolute path. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. Panel Builder 800 5.1 is vulnerable; other versions may also be affected

Trust: 2.7

sources: NVD: CVE-2016-2281 // JVNDB: JVNDB-2016-001815 // CNVD: CNVD-2016-01755 // BID: 84701 // IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-91100

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01755

AFFECTED PRODUCTS

vendor:abbmodel:panel builder 800scope:eqversion:5.1

Trust: 2.4

vendor:abbmodel:panel builderscope:eqversion:8005.1

Trust: 0.6

vendor:panel builder 800model: - scope:eqversion:5.1

Trust: 0.2

sources: IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01755 // JVNDB: JVNDB-2016-001815 // CNNVD: CNNVD-201603-267 // NVD: CVE-2016-2281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2281
value: HIGH

Trust: 1.0

NVD: CVE-2016-2281
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-01755
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201603-267
value: MEDIUM

Trust: 0.6

IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-91100
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2281
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01755
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-91100
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2281
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.6
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01755 // VULHUB: VHN-91100 // JVNDB: JVNDB-2016-001815 // CNNVD: CNNVD-201603-267 // NVD: CVE-2016-2281

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-91100 // JVNDB: JVNDB-2016-001815 // NVD: CVE-2016-2281

THREAT TYPE

local

Trust: 0.9

sources: BID: 84701 // CNNVD: CNNVD-201603-267

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201603-267

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001815

PATCH
title:Panel Builderurl:http://new.abb.com/control-systems/essential-automation/compact-product-suite/panel-800/panel-builder-software
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-001815

EXTERNAL IDS
db:NVDid:CVE-2016-2281
Trust: 3.6
db:ICS CERTid:ICSA-16-077-01
Trust: 3.1
db:CNNVDid:CNNVD-201603-267
Trust: 0.9
db:CNVDid:CNVD-2016-01755
Trust: 0.8
db:JVNDBid:JVNDB-2016-001815
Trust: 0.8
db:BIDid:84701
Trust: 0.4
db:IVDid:5BEF17E6-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-91100
Trust: 0.1
sources:
            
            
            IVD: 5bef17e6-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-01755 // 
            
            
            
            VULHUB: VHN-91100 // 
            
            
            
            BID: 84701 // 
            
            
            
            JVNDB: JVNDB-2016-001815 // 
            
            
            
            CNNVD: CNNVD-201603-267 // 
            
            
            
            NVD: CVE-2016-2281

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-077-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2281
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2281
Trust: 0.8
url:http://www.abb.com/
Trust: 0.3
url:http://blog.rapid7.com/?p=5325
Trust: 0.3
url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
Trust: 0.3
url:http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx
Trust: 0.3
url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-01755 // 
            
            
            
            VULHUB: VHN-91100 // 
            
            
            
            BID: 84701 // 
            
            
            
            JVNDB: JVNDB-2016-001815 // 
            
            
            
            CNNVD: CNNVD-201603-267 // 
            
            
            
            NVD: CVE-2016-2281

CREDITS
Ivan Sanchez from Nullcode Team
Trust: 0.3
sources:
            
            
            BID: 84701

SOURCES
db:IVDid:5bef17e6-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-01755
db:VULHUBid:VHN-91100
db:BIDid:84701
db:JVNDBid:JVNDB-2016-001815
db:CNNVDid:CNNVD-201603-267
db:NVDid:CVE-2016-2281

LAST UPDATE DATE
2025-04-12T23:19:40.531000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01755date:2016-03-21T00:00:00
db:VULHUBid:VHN-91100date:2016-03-21T00:00:00
db:BIDid:84701date:2016-03-17T00:00:00
db:JVNDBid:JVNDB-2016-001815date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-267date:2016-03-21T00:00:00
db:NVDid:CVE-2016-2281date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:5bef17e6-2351-11e6-abef-000c29c66e3ddate:2016-03-21T00:00:00
db:CNVDid:CNVD-2016-01755date:2016-03-21T00:00:00
db:VULHUBid:VHN-91100date:2016-03-18T00:00:00
db:BIDid:84701date:2016-03-17T00:00:00
db:JVNDBid:JVNDB-2016-001815date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-267date:2016-03-18T00:00:00
db:NVDid:CVE-2016-2281date:2016-03-18T14:59:04.593