Sign-up

ID

VAR-201807-0341


CVE

CVE-2018-10616


TITLE

ABB Panel Builder 800 Input validation vulnerability

Trust: 1.4

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // CNVD: CNVD-2018-18146 // CNNVD: CNNVD-201807-1323

DESCRIPTION

ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the UserSettings parameter provided to the Animatics SmartMotor OPC Driver. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland

Trust: 11.07

sources: NVD: CVE-2018-10616 // ZDI: ZDI-18-897 // ZDI: ZDI-18-886 // ZDI: ZDI-18-893 // ZDI: ZDI-18-907 // ZDI: ZDI-18-904 // ZDI: ZDI-18-914 // ZDI: ZDI-18-901 // ZDI: ZDI-18-902 // ZDI: ZDI-18-884 // ZDI: ZDI-18-899 // ZDI: ZDI-18-882 // ZDI: ZDI-18-898 // ZDI: ZDI-18-912 // ZDI: ZDI-18-910 // ZDI: ZDI-18-889 // CNVD: CNVD-2018-18146 // IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // CNVD: CNVD-2018-18146

AFFECTED PRODUCTS

vendor:abbmodel:panel builder 800scope: - version: -

Trust: 10.5

vendor:abbmodel:panel builder 800scope:eqversion: -

Trust: 1.6

vendor:abbmodel:panel builderscope:eqversion:800

Trust: 0.6

vendor:panel builder 800model: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // ZDI: ZDI-18-897 // ZDI: ZDI-18-889 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-899 // ZDI: ZDI-18-884 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-914 // ZDI: ZDI-18-904 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893 // ZDI: ZDI-18-886 // CNVD: CNVD-2018-18146 // CNNVD: CNNVD-201807-1323 // NVD: CVE-2018-10616

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-10616
value: MEDIUM

Trust: 5.6

ZDI: CVE-2018-10616
value: HIGH

Trust: 4.9

nvd@nist.gov: CVE-2018-10616
value: HIGH

Trust: 1.0

CNVD: CNVD-2018-18146
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1323
value: HIGH

Trust: 0.6

IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-10616
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 5.9

ZDI: CVE-2018-10616
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 5.6

CNVD: CNVD-2018-18146
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10616
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // ZDI: ZDI-18-897 // ZDI: ZDI-18-889 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-899 // ZDI: ZDI-18-884 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-914 // ZDI: ZDI-18-904 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893 // ZDI: ZDI-18-886 // CNVD: CNVD-2018-18146 // CNNVD: CNNVD-201807-1323 // NVD: CVE-2018-10616

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2018-10616

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1323

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // CNNVD: CNNVD-201807-1323

PATCH

title:ABB has issued an update to correct this vulnerability.url:https://library.e.abb.com/public/30b77e0dc904475295401b66ec74cd3c/3BSE092089_A_en_SECURITY_-_Panel_Builder_800_Improper_input_validation_vulnerability.pdf?x-sign=OyK2T7i661JL8oQxBk+0/iWUV+hinpu8Nt6nvVmhw581vp4nkzkQbe1JSiJQPtp0

Trust: 10.5

sources: ZDI: ZDI-18-897 // ZDI: ZDI-18-889 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-899 // ZDI: ZDI-18-884 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-914 // ZDI: ZDI-18-904 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893 // ZDI: ZDI-18-886

EXTERNAL IDS

db:NVDid:CVE-2018-10616

Trust: 12.9

db:ICS CERTid:ICSA-18-198-01

Trust: 2.2

db:BIDid:104882

Trust: 1.6

db:CNVDid:CNVD-2018-18146

Trust: 0.8

db:CNNVDid:CNNVD-201807-1323

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6143

Trust: 0.7

db:ZDIid:ZDI-18-897

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6085

Trust: 0.7

db:ZDIid:ZDI-18-889

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6422

Trust: 0.7

db:ZDIid:ZDI-18-910

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6423

Trust: 0.7

db:ZDIid:ZDI-18-912

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6144

Trust: 0.7

db:ZDIid:ZDI-18-898

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5786

Trust: 0.7

db:ZDIid:ZDI-18-882

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6190

Trust: 0.7

db:ZDIid:ZDI-18-899

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6051

Trust: 0.7

db:ZDIid:ZDI-18-884

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6227

Trust: 0.7

db:ZDIid:ZDI-18-902

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6225

Trust: 0.7

db:ZDIid:ZDI-18-901

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6053

Trust: 0.7

db:ZDIid:ZDI-18-914

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6229

Trust: 0.7

db:ZDIid:ZDI-18-904

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6349

Trust: 0.7

db:ZDIid:ZDI-18-907

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6098

Trust: 0.7

db:ZDIid:ZDI-18-893

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6061

Trust: 0.7

db:ZDIid:ZDI-18-886

Trust: 0.7

db:IVDid:E2F971A1-39AB-11E9-BB19-000C29342CB1

Trust: 0.2

sources: IVD: e2f971a1-39ab-11e9-bb19-000c29342cb1 // ZDI: ZDI-18-897 // ZDI: ZDI-18-889 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-899 // ZDI: ZDI-18-884 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-914 // ZDI: ZDI-18-904 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893 // ZDI: ZDI-18-886 // CNVD: CNVD-2018-18146 // CNNVD: CNNVD-201807-1323 // NVD: CVE-2018-10616

REFERENCES

url:https://library.e.abb.com/public/30b77e0dc904475295401b66ec74cd3c/3bse092089_a_en_security_-_panel_builder_800_improper_input_validation_vulnerability.pdf?x-sign=oyk2t7i661jl8oqxbk+0/iwuv+hinpu8nt6nvvmhw581vp4nkzkqbe1jsijqptp0

Trust: 10.5

url:https://ics-cert.us-cert.gov/advisories/icsa-18-198-01

Trust: 2.2

url:http://search-ext.abb.com/library/download.aspx?documentid=3bse092089&action=launch

Trust: 1.6

url:http://www.securityfocus.com/bid/104882

Trust: 1.6

url:http://search-ext.abb.com/library/download.aspx?documentid=3bse092089&action=launch

Trust: 0.6

sources: ZDI: ZDI-18-897 // ZDI: ZDI-18-889 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-899 // ZDI: ZDI-18-884 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-914 // ZDI: ZDI-18-904 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893 // ZDI: ZDI-18-886 // CNVD: CNVD-2018-18146 // CNNVD: CNNVD-201807-1323 // NVD: CVE-2018-10616

CREDITS

Michael DePlante - Leahy Center for Digital Investigation at Champlain College

Trust: 6.3

sources: ZDI: ZDI-18-897 // ZDI: ZDI-18-910 // ZDI: ZDI-18-912 // ZDI: ZDI-18-898 // ZDI: ZDI-18-882 // ZDI: ZDI-18-902 // ZDI: ZDI-18-901 // ZDI: ZDI-18-907 // ZDI: ZDI-18-893

SOURCES

db:IVDid:e2f971a1-39ab-11e9-bb19-000c29342cb1
db:ZDIid:ZDI-18-897
db:ZDIid:ZDI-18-889
db:ZDIid:ZDI-18-910
db:ZDIid:ZDI-18-912
db:ZDIid:ZDI-18-898
db:ZDIid:ZDI-18-882
db:ZDIid:ZDI-18-899
db:ZDIid:ZDI-18-884
db:ZDIid:ZDI-18-902
db:ZDIid:ZDI-18-901
db:ZDIid:ZDI-18-914
db:ZDIid:ZDI-18-904
db:ZDIid:ZDI-18-907
db:ZDIid:ZDI-18-893
db:ZDIid:ZDI-18-886
db:CNVDid:CNVD-2018-18146
db:CNNVDid:CNNVD-201807-1323
db:NVDid:CVE-2018-10616

LAST UPDATE DATE

2026-02-08T23:19:53.210000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-897date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-889date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-910date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-912date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-898date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-882date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-899date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-884date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-902date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-901date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-914date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-904date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-907date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-893date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-886date:2018-08-10T00:00:00
db:CNVDid:CNVD-2018-18146date:2018-09-10T00:00:00
db:CNNVDid:CNNVD-201807-1323date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10616date:2024-11-21T03:41:40.343

SOURCES RELEASE DATE

db:IVDid:e2f971a1-39ab-11e9-bb19-000c29342cb1date:2018-09-10T00:00:00
db:ZDIid:ZDI-18-897date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-889date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-910date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-912date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-898date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-882date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-899date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-884date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-902date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-901date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-914date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-904date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-907date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-893date:2018-08-10T00:00:00
db:ZDIid:ZDI-18-886date:2018-08-10T00:00:00
db:CNVDid:CNVD-2018-18146date:2018-09-10T00:00:00
db:CNNVDid:CNNVD-201807-1323date:2018-07-19T00:00:00
db:NVDid:CVE-2018-10616date:2018-07-18T15:29:00.220