Sign-up

ID

VAR-201906-0215


CVE

CVE-2019-7225


TITLE

ABB HMI Vulnerability in using hard-coded credentials in components

Trust: 0.8

sources: JVNDB: JVNDB-2019-006087

DESCRIPTION

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device. Affected systems ---------------- CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior Solution -------- Apply the patches or changes recommended by the vendor in their vulnerability advisories: - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch Disclosure timeline ------------------- 04/02/2019 - Contacted ABB requesting disclosure coordination 05/02/2019 - Provided vulnerability details 05/06/2019 - Patch available 17/06/2019 - xen1thLabs public disclosure

Trust: 2.79

sources: NVD: CVE-2019-7225 // JVNDB: JVNDB-2019-006087 // CNVD: CNVD-2019-19833 // BID: 108922 // IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3 // VULHUB: VHN-158660 // PACKETSTORM: 153397

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3 // CNVD: CNVD-2019-19833

AFFECTED PRODUCTS

vendor:abbmodel:cp661scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp676-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp620scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp635-bscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp665scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp620-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp661-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:pb610scope:gteversion:1.91

Trust: 1.0

vendor:abbmodel:cp676scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:pb610scope:lteversion:2.8.0.3674

Trust: 1.0

vendor:abbmodel:cp651scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp651-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp630-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp630scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp665-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp635-webscope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp635scope:lteversion:1.76

Trust: 1.0

vendor:abbmodel:cp620scope: - version: -

Trust: 0.8

vendor:abbmodel:cp620-webscope: - version: -

Trust: 0.8

vendor:abbmodel:cp630scope: - version: -

Trust: 0.8

vendor:abbmodel:cp630-webscope: - version: -

Trust: 0.8

vendor:abbmodel:cp635scope: - version: -

Trust: 0.8

vendor:abbmodel:cp635-bscope: - version: -

Trust: 0.8

vendor:abbmodel:cp635-webscope: - version: -

Trust: 0.8

vendor:abbmodel:cp651-webscope: - version: -

Trust: 0.8

vendor:abbmodel:cp661scope: - version: -

Trust: 0.8

vendor:abbmodel:pb610scope: - version: -

Trust: 0.8

vendor:abbmodel:pb610 panel builderscope:eqversion:6002.8.0.367

Trust: 0.6

vendor:abbmodel:pb610 panel builderscope:eqversion:6001.91

Trust: 0.6

vendor:abbmodel:cp635-webscope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp635-bscope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp635scope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp630-webscope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp630scope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp620-webscope:eqversion:0

Trust: 0.3

vendor:abbmodel:cp620scope:eqversion:0

Trust: 0.3

vendor:cp620model: - scope:eqversion:*

Trust: 0.2

vendor:cp661model: - scope:eqversion:*

Trust: 0.2

vendor:cp661 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp665model: - scope:eqversion:*

Trust: 0.2

vendor:cp665 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp676model: - scope:eqversion:*

Trust: 0.2

vendor:cp676 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp651model: - scope:eqversion:*

Trust: 0.2

vendor:cp620 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp630model: - scope:eqversion:*

Trust: 0.2

vendor:cp630 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp635model: - scope:eqversion:*

Trust: 0.2

vendor:cp635 bmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp635 webmodel: - scope:eqversion:*

Trust: 0.2

vendor:pb610model: - scope:eqversion:*

Trust: 0.2

vendor:cp651 webmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3 // CNVD: CNVD-2019-19833 // BID: 108922 // JVNDB: JVNDB-2019-006087 // NVD: CVE-2019-7225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7225
value: HIGH

Trust: 1.0

NVD: CVE-2019-7225
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-19833
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-894
value: HIGH

Trust: 0.6

IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3
value: HIGH

Trust: 0.2

VULHUB: VHN-158660
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7225
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-19833
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158660
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7225
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7225
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3 // CNVD: CNVD-2019-19833 // VULHUB: VHN-158660 // JVNDB: JVNDB-2019-006087 // CNNVD: CNNVD-201906-894 // NVD: CVE-2019-7225

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-158660 // JVNDB: JVNDB-2019-006087 // NVD: CVE-2019-7225

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-894

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-894

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006087

PATCH
title:Top Pageurl:https://new.abb.com/
Trust: 0.8
title:ABBHMIHardcodedCredentials file read vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/165657
Trust: 0.6
title:ABB PB610 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94029
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-19833 // 
            
            
            
            JVNDB: JVNDB-2019-006087 // 
            
            
            
            CNNVD: CNNVD-201906-894

EXTERNAL IDS
db:NVDid:CVE-2019-7225
Trust: 3.7
db:PACKETSTORMid:153397
Trust: 2.4
db:BIDid:108922
Trust: 2.0
db:ICS CERTid:ICSA-19-178-03
Trust: 1.7
db:ICS CERTid:ICSA-19-178-01
Trust: 1.4
db:CNNVDid:CNNVD-201906-894
Trust: 0.9
db:CNVDid:CNVD-2019-19833
Trust: 0.8
db:JVNDBid:JVNDB-2019-006087
Trust: 0.8
db:CXSECURITYid:WLB-2019060154
Trust: 0.6
db:AUSCERTid:ESB-2019.2348
Trust: 0.6
db:IVDid:81E5E7B5-957E-48A4-ADE8-19B359B65CB3
Trust: 0.2
db:VULHUBid:VHN-158660
Trust: 0.1
sources:
            
            
            IVD: 81e5e7b5-957e-48a4-ade8-19b359b65cb3 // 
            
            
            
            CNVD: CNVD-2019-19833 // 
            
            
            
            VULHUB: VHN-158660 // 
            
            
            
            BID: 108922 // 
            
            
            
            JVNDB: JVNDB-2019-006087 // 
            
            
            
            PACKETSTORM: 153397 // 
            
            
            
            CNNVD: CNNVD-201906-894 // 
            
            
            
            NVD: CVE-2019-7225

REFERENCES
url:http://packetstormsecurity.com/files/153397/abb-hmi-hardcoded-credentials.html
Trust: 2.9
url:http://seclists.org/fulldisclosure/2019/jun/38
Trust: 2.6
url:https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/
Trust: 2.5
url:http://www.securityfocus.com/bid/108922
Trust: 2.3
url:https://www.us-cert.gov/ics/advisories/icsa-19-178-03
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7225
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7225
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsa-19-178-01
Trust: 1.4
url:http://www.abb.com/
Trust: 0.9
url:https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/abb-advisory_3adr010376.pdf
Trust: 0.9
url:https://cxsecurity.com/issue/wlb-2019060154
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2348/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=3adr010376&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://search.abb.com/library/download.aspx?documentid=3adr010377&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://search.abb.com/library/download.aspx?documentid=3adr010402&languagecode=en&documentpartid=&action=launch
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-19833 // 
            
            
            
            VULHUB: VHN-158660 // 
            
            
            
            BID: 108922 // 
            
            
            
            JVNDB: JVNDB-2019-006087 // 
            
            
            
            PACKETSTORM: 153397 // 
            
            
            
            CNNVD: CNNVD-201906-894 // 
            
            
            
            NVD: CVE-2019-7225

CREDITS
xen1thLabs,Xen1thLabs.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-894

SOURCES
db:IVDid:81e5e7b5-957e-48a4-ade8-19b359b65cb3
db:CNVDid:CNVD-2019-19833
db:VULHUBid:VHN-158660
db:BIDid:108922
db:JVNDBid:JVNDB-2019-006087
db:PACKETSTORMid:153397
db:CNNVDid:CNNVD-201906-894
db:NVDid:CVE-2019-7225

LAST UPDATE DATE
2024-11-23T21:52:11.991000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-19833date:2019-06-30T00:00:00
db:VULHUBid:VHN-158660date:2019-10-09T00:00:00
db:BIDid:108922date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-006087date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201906-894date:2020-07-28T00:00:00
db:NVDid:CVE-2019-7225date:2024-11-21T04:47:47.397

SOURCES RELEASE DATE
db:IVDid:81e5e7b5-957e-48a4-ade8-19b359b65cb3date:2019-06-30T00:00:00
db:CNVDid:CNVD-2019-19833date:2019-06-28T00:00:00
db:VULHUBid:VHN-158660date:2019-06-27T00:00:00
db:BIDid:108922date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-006087date:2019-07-09T00:00:00
db:PACKETSTORMid:153397date:2019-06-21T18:32:22
db:CNNVDid:CNNVD-201906-894date:2019-06-21T00:00:00
db:NVDid:CVE-2019-7225date:2019-06-27T17:15:15.770