ID

VAR-201912-1548


CVE

CVE-2019-18994


TITLE

ABB PB610 Panel Builder 600 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013706

DESCRIPTION

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. ABB PB610 Panel Builder 600 contains an input validation vulnerability. The product may be put into a service operation interruption (DoS) state. ABB PB610 Panel Builder 600 is software for designing graphical user interfaces for the CP600 control panel platform. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. ABB CP651 HMI has a trust management issue vulnerability.

Trust: 2.88

sources: NVD: CVE-2019-18994 // JVNDB: JVNDB-2019-013706 // CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286 // VULHUB: VHN-151396 // VULMON: CVE-2019-18994

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286

AFFECTED PRODUCTS

vendor: abb, model: pb610 panel builder 600, scope: lte, version: 2.8.0.424

Trust: 1.8

vendor: abb, model: cp651, scope: -, version: -

Trust: 1.2

vendor: abb, model: cp635 hmi, scope: -, version: -

Trust: 0.6

vendor: abb, model: pb610 panel builder, scope: eq, version: 600<=2.8.0.424

Trust: 0.6

vendor: abb, model: cp661, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp665, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp676, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp651-web, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp661-web, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp665-web, scope: -, version: -

Trust: 0.6

vendor: abb, model: cp676-web, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286 // JVNDB: JVNDB-2019-013706 // NVD: CVE-2019-18994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18994
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18994
value: LOW

Trust: 1.0

NVD: CVE-2019-18994
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-22287
value: LOW

Trust: 0.6

CNVD: CNVD-2020-22286
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-883
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151396
value: LOW

Trust: 0.1

VULMON: CVE-2019-18994
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-18994
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-22287
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2020-22286
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151396
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18994
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18994
baseSeverity: LOW
baseScore: 3.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.3
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-18994
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286 // VULHUB: VHN-151396 // VULMON: CVE-2019-18994 // JVNDB: JVNDB-2019-013706 // CNNVD: CNNVD-201912-883 // NVD: CVE-2019-18994 // NVD: CVE-2019-18994

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-151396 // JVNDB: JVNDB-2019-013706 // NVD: CVE-2019-18994

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-883

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-883

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013706

PATCH

title: Multiple Vulnerabilities in ABB PB610 ABBVU-RAMF-1908001, ABBVU-RAMF-1908002, ABBVU-RAMF-1908003, ABBVU-RAMF-1908004
url: http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB CP651 HMI Trust Management Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/213421

Trust: 0.6

sources: CNVD: CNVD-2020-22286 // JVNDB: JVNDB-2019-013706

EXTERNAL IDS

db: NVD, id: CVE-2019-18994

Trust: 3.8

db: JVNDB, id: JVNDB-2019-013706

Trust: 0.8

db: CNVD, id: CNVD-2020-22287

Trust: 0.7

db: CNNVD, id: CNNVD-201912-883

Trust: 0.7

db: BID, id: 108928

Trust: 0.6

db: CNVD, id: CNVD-2020-22286

Trust: 0.6

db: VULHUB, id: VHN-151396

Trust: 0.1

db: VULMON, id: CVE-2019-18994

Trust: 0.1

sources: CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286 // VULHUB: VHN-151396 // VULMON: CVE-2019-18994 // JVNDB: JVNDB-2019-013706 // CNNVD: CNNVD-201912-883 // NVD: CVE-2019-18994

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-18994

Trust: 2.6

url:http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18994

Trust: 0.8

url:http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-22287 // CNVD: CNVD-2020-22286 // VULHUB: VHN-151396 // VULMON: CVE-2019-18994 // JVNDB: JVNDB-2019-013706 // CNNVD: CNNVD-201912-883 // NVD: CVE-2019-18994

SOURCES

db: CNVD, id: CNVD-2020-22287
db: CNVD, id: CNVD-2020-22286
db: VULHUB, id: VHN-151396
db: VULMON, id: CVE-2019-18994
db: JVNDB, id: JVNDB-2019-013706
db: CNNVD, id: CNNVD-201912-883
db: NVD, id: CVE-2019-18994

LAST UPDATE DATE

2024-11-23T22:33:36.334000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-22287, date: 2020-04-11T00:00:00
db: CNVD, id: CNVD-2020-22286, date: 2020-04-11T00:00:00
db: VULHUB, id: VHN-151396, date: 2019-12-31T00:00:00
db: VULMON, id: CVE-2019-18994, date: 2019-12-31T00:00:00
db: JVNDB, id: JVNDB-2019-013706, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-883, date: 2020-01-02T00:00:00
db: NVD, id: CVE-2019-18994, date: 2024-11-21T04:33:57.503

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-22287, date: 2020-04-11T00:00:00
db: CNVD, id: CNVD-2020-22286, date: 2020-04-11T00:00:00
db: VULHUB, id: VHN-151396, date: 2019-12-18T00:00:00
db: VULMON, id: CVE-2019-18994, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-013706, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-883, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-18994, date: 2019-12-18T21:15:13.240