ID

VAR-201912-1550


CVE

CVE-2019-18996


TITLE

ABB PB610 Panel Builder 600 Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-013708

DESCRIPTION

Path settings in the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system to execute code in the application's context. ABB PB610 Panel Builder 600 contains an untrusted search path vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB PB610 Panel Builder 600 is software for designing graphical user interfaces for the CP600 control panel platform. An attacker could exploit this vulnerability to execute code within the context of the application.

Trust: 2.25

sources: NVD: CVE-2019-18996 // JVNDB: JVNDB-2019-013708 // CNVD: CNVD-2020-22289 // VULHUB: VHN-151398

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22289

AFFECTED PRODUCTS

vendor: abb, model: pb610 panel builder 600, scope: lte, version: 2.8.0.424

Trust: 1.8

vendor: abb, model: pb610 panel builder, scope: eq, version: 600

Trust: 0.6

sources: CNVD: CNVD-2020-22289 // JVNDB: JVNDB-2019-013708 // NVD: CVE-2019-18996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18996
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18996
value: HIGH

Trust: 1.0

NVD: CVE-2019-18996
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22289
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-886
value: HIGH

Trust: 0.6

VULHUB: VHN-151398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18996
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22289
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151398
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18996
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18996
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-18996
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22289 // VULHUB: VHN-151398 // JVNDB: JVNDB-2019-013708 // CNNVD: CNNVD-201912-886 // NVD: CVE-2019-18996 // NVD: CVE-2019-18996

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

problemtype:CWE-424

Trust: 1.0

sources: VULHUB: VHN-151398 // JVNDB: JVNDB-2019-013708 // NVD: CVE-2019-18996

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-886

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-886

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013708

PATCH

title: Multiple Vulnerabilities in ABB PB610 ABBVU-RAMF-1908001, ABBVU-RAMF-1908002, ABBVU-RAMF-1908003, ABBVU-RAMF-1908004
url: http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB PB610 Panel Builder 600 PB610 HMIStudio DLL parsing vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/213417

Trust: 0.6

sources: CNVD: CNVD-2020-22289 // JVNDB: JVNDB-2019-013708

EXTERNAL IDS

db: NVD, id: CVE-2019-18996

Trust: 3.1

db: JVNDB, id: JVNDB-2019-013708

Trust: 0.8

db: CNVD, id: CNVD-2020-22289

Trust: 0.7

db: CNNVD, id: CNNVD-201912-886

Trust: 0.7

db: VULHUB, id: VHN-151398

Trust: 0.1

sources: CNVD: CNVD-2020-22289 // VULHUB: VHN-151398 // JVNDB: JVNDB-2019-013708 // CNNVD: CNNVD-201912-886 // NVD: CVE-2019-18996

REFERENCES

url: http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-18996

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18996

Trust: 0.8

url: http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-22289 // VULHUB: VHN-151398 // JVNDB: JVNDB-2019-013708 // CNNVD: CNNVD-201912-886 // NVD: CVE-2019-18996

SOURCES

db: CNVD, id: CNVD-2020-22289
db: VULHUB, id: VHN-151398
db: JVNDB, id: JVNDB-2019-013708
db: CNNVD, id: CNNVD-201912-886
db: NVD, id: CVE-2019-18996

LAST UPDATE DATE

2024-11-23T22:51:32.364000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-22289, date: 2020-04-11T00:00:00
db: VULHUB, id: VHN-151398, date: 2023-02-03T00:00:00
db: JVNDB, id: JVNDB-2019-013708, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-886, date: 2020-02-11T00:00:00
db: NVD, id: CVE-2019-18996, date: 2024-11-21T04:33:57.740

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-22289, date: 2020-04-11T00:00:00
db: VULHUB, id: VHN-151398, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-013708, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-886, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-18996, date: 2019-12-18T21:15:13.507