ID

VAR-201912-1551


CVE

CVE-2019-18997


TITLE

ABB PB610 Panel Builder 600 Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-013709

DESCRIPTION

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access. PB610 HMISimulator is one of the PB610 simulator components.

Trust: 2.25

sources: NVD: CVE-2019-18997 // JVNDB: JVNDB-2019-013709 // CNVD: CNVD-2020-03163 // VULHUB: VHN-151399

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03163

AFFECTED PRODUCTS

vendor: abb, model: pb610 panel builder 600, scope: lte, version: 2.8.0.424

Trust: 1.8

vendor: abb, model: pb610 panel builder, scope: eq, version: 600<=2.8.0.424

Trust: 0.6

sources: CNVD: CNVD-2020-03163 // JVNDB: JVNDB-2019-013709 // NVD: CVE-2019-18997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18997
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18997
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18997
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03163
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-887
value: HIGH

Trust: 0.6

VULHUB: VHN-151399
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18997
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03163
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151399
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-18997
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03163 // VULHUB: VHN-151399 // JVNDB: JVNDB-2019-013709 // CNNVD: CNNVD-201912-887 // NVD: CVE-2019-18997 // NVD: CVE-2019-18997

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-424

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-151399 // JVNDB: JVNDB-2019-013709 // NVD: CVE-2019-18997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-887

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-887

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013709

PATCH

title: Multiple Vulnerabilities in ABB PB610 ABBVU-RAMF-1908001, ABBVU-RAMF-1908002, ABBVU-RAMF-1908003, ABBVU-RAMF-1908004
url: http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2019-013709

EXTERNAL IDS

db: NVD, id: CVE-2019-18997

Trust: 3.1

db: JVNDB, id: JVNDB-2019-013709

Trust: 0.8

db: CNVD, id: CNVD-2020-03163

Trust: 0.7

db: CNNVD, id: CNNVD-201912-887

Trust: 0.7

db: VULHUB, id: VHN-151399

Trust: 0.1

sources: CNVD: CNVD-2020-03163 // VULHUB: VHN-151399 // JVNDB: JVNDB-2019-013709 // CNNVD: CNNVD-201912-887 // NVD: CVE-2019-18997

REFERENCES

url:http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18997

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18997

Trust: 0.8

url:http://search.abb.com/library/download.aspx?documentid=3adr010466&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-03163 // VULHUB: VHN-151399 // JVNDB: JVNDB-2019-013709 // CNNVD: CNNVD-201912-887 // NVD: CVE-2019-18997

SOURCES

db: CNVD, id: CNVD-2020-03163
db: VULHUB, id: VHN-151399
db: JVNDB, id: JVNDB-2019-013709
db: CNNVD, id: CNNVD-201912-887
db: NVD, id: CVE-2019-18997

LAST UPDATE DATE

2024-11-23T22:48:10.746000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-03163, date: 2020-01-22T00:00:00
db: VULHUB, id: VHN-151399, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2019-013709, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-887, date: 2020-10-23T00:00:00
db: NVD, id: CVE-2019-18997, date: 2024-11-21T04:33:57.857

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-03163, date: 2020-01-22T00:00:00
db: VULHUB, id: VHN-151399, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-013709, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-887, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-18997, date: 2019-12-18T21:15:13.630