Details of VAR-201902-0642

ID

VAR-201902-0642

CVE

CVE-2018-19008

TITLE

ABB CP400PB TextEditor Input validation vulnerability

Trust: 0.8

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNVD: CNVD-2019-19834

DESCRIPTION

The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. The following products are vulnerable: CP400 Panel BuilderTextEditor 2.0 CP400PB 2.0.7.05 and prior

Trust: 2.7

sources: NVD: CVE-2018-19008 // JVNDB: JVNDB-2018-014499 // CNVD: CNVD-2019-19834 // BID: 106658 // IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // VULHUB: VHN-129624

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNVD: CNVD-2019-19834

AFFECTED PRODUCTS

vendor:	abb	model:	cp400pb	scope:	lte	version:	2.0.7.05	Trust: 1.8
vendor:	abb	model:	cp400pb	scope:	lte	version:	<=2.0.7.05	Trust: 0.6
vendor:	abb	model:	cp400pb	scope:	eq	version:	2.0.7.05	Trust: 0.3
vendor:	abb	model:	cp400 panel builder texteditor	scope:	eq	version:	2.0	Trust: 0.3
vendor:	abb	model:	cp400pb	scope:	ne	version:	2.1.7.21	Trust: 0.3
vendor:	cp400pb	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNVD: CNVD-2019-19834 // BID: 106658 // JVNDB: JVNDB-2018-014499 // NVD: CVE-2018-19008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19008
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19008
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-19834
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201901-741
value:	HIGH
Trust: 0.6
IVD:	682ff012-276f-40be-bbf5-d5593dbc364f
value:	HIGH
Trust: 0.2
VULHUB:	VHN-129624
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19008
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-19834
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	682ff012-276f-40be-bbf5-d5593dbc364f
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-129624
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19008
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNVD: CNVD-2019-19834 // VULHUB: VHN-129624 // JVNDB: JVNDB-2018-014499 // CNNVD: CNNVD-201901-741 // NVD: CVE-2018-19008

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-129624 // JVNDB: JVNDB-2018-014499 // NVD: CVE-2018-19008

THREAT TYPE

local

Trust: 0.9

sources: BID: 106658 // CNNVD: CNNVD-201901-741

TYPE

Input validation error

Trust: 0.8

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNNVD: CNNVD-201901-741

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014499

PATCH

title:	Top Page	url:	https://new.abb.com/	Trust: 0.8
title:	ABB CP400PB TextEditor input patch for verification vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/165659	Trust: 0.6

sources: CNVD: CNVD-2019-19834 // JVNDB: JVNDB-2018-014499

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19008	Trust: 3.6
db:	ICS CERT	id:	ICSA-19-017-02	Trust: 2.8
db:	BID	id:	106658	Trust: 2.0
db:	CNNVD	id:	CNNVD-201901-741	Trust: 0.9
db:	CNVD	id:	CNVD-2019-19834	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014499	Trust: 0.8
db:	IVD	id:	682FF012-276F-40BE-BBF5-D5593DBC364F	Trust: 0.2
db:	SEEBUG	id:	SSVID-98815	Trust: 0.1
db:	VULHUB	id:	VHN-129624	Trust: 0.1

sources: IVD: 682ff012-276f-40be-bbf5-d5593dbc364f // CNVD: CNVD-2019-19834 // VULHUB: VHN-129624 // BID: 106658 // JVNDB: JVNDB-2018-014499 // CNNVD: CNNVD-201901-741 // NVD: CVE-2018-19008

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-017-02	Trust: 2.5
url:	http://www.securityfocus.com/bid/106658	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19008	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19008	Trust: 0.8
url:	https://new.abb.com/products/abb1sap500400r0001	Trust: 0.6
url:	http://www.abb.com/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-017-02	Trust: 0.3
url:	https://search.abb.com/library/download.aspx?documentid=3bse091042&languagecode=en&documentpartid=&action=launch	Trust: 0.3

sources: CNVD: CNVD-2019-19834 // VULHUB: VHN-129624 // BID: 106658 // JVNDB: JVNDB-2018-014499 // CNNVD: CNNVD-201901-741 // NVD: CVE-2018-19008

CREDITS

Ivan Sanchez of NullCode

Trust: 0.3

sources: BID: 106658

SOURCES

db:	IVD	id:	682ff012-276f-40be-bbf5-d5593dbc364f
db:	CNVD	id:	CNVD-2019-19834
db:	VULHUB	id:	VHN-129624
db:	BID	id:	106658
db:	JVNDB	id:	JVNDB-2018-014499
db:	CNNVD	id:	CNNVD-201901-741
db:	NVD	id:	CVE-2018-19008

LAST UPDATE DATE

2024-11-23T22:06:19.704000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-19834	date:	2019-06-30T00:00:00
db:	VULHUB	id:	VHN-129624	date:	2019-10-09T00:00:00
db:	BID	id:	106658	date:	2019-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-014499	date:	2019-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-741	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-19008	date:	2024-11-21T03:57:09.340

SOURCES RELEASE DATE

db:	IVD	id:	682ff012-276f-40be-bbf5-d5593dbc364f	date:	2019-06-30T00:00:00
db:	CNVD	id:	CNVD-2019-19834	date:	2019-06-28T00:00:00
db:	VULHUB	id:	VHN-129624	date:	2019-02-13T00:00:00
db:	BID	id:	106658	date:	2019-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-014499	date:	2019-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-741	date:	2019-01-18T00:00:00
db:	NVD	id:	CVE-2018-19008	date:	2019-02-13T21:29:00.300