ID

VAR-202001-1490


CVE

CVE-2019-10995


TITLE

ABB CP651 HMI Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-22286 // CNNVD: CNNVD-201906-1079

DESCRIPTION

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. The ABB CP651 HMI product contains a vulnerability involving the use of hard-coded credentials. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may occur. ABB CP651 is a control panel from the Swiss company ABB. ABB CP651 HMI has a trust management vulnerability. Attackers can use this vulnerability to insert and run arbitrary code on the affected system. Multiple ABB products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system.

Trust: 2.43

sources: NVD: CVE-2019-10995 // JVNDB: JVNDB-2019-014222 // CNVD: CNVD-2020-22286 // BID: 108928

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22286

AFFECTED PRODUCTS

vendor: abb, model: cp651, scope: -, version: -

Trust: 1.4

vendor: abb, model: cp651-web, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp661-web, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp661, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp651, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp676-web, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp676, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp665-web, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp665, scope: lte, version: bsp_un30_1.76

Trust: 1.0

vendor: abb, model: cp651-web, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp661, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp661-web, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp665, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp665-web, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp676, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp676-web, scope: -, version: -

Trust: 0.8

vendor: abb, model: cp676-web, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp676, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp665-web, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp665, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp661-web, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp661, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp651-web, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: cp651, scope: eq, version: 0

Trust: 0.3

vendor: abb, model: pb610 panel builder, scope: ne, version: 6002.8.0.424

Trust: 0.3

sources: CNVD: CNVD-2020-22286 // BID: 108928 // JVNDB: JVNDB-2019-014222 // NVD: CVE-2019-10995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10995
value: HIGH

Trust: 1.0

NVD: CVE-2019-10995
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22286
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1079
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10995
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22286
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10995
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10995
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22286 // JVNDB: JVNDB-2019-014222 // CNNVD: CNNVD-201906-1079 // NVD: CVE-2019-10995

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-014222 // NVD: CVE-2019-10995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1079

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-1079

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014222

PATCH

title: Top Page, url: https://www.bbb.org/

Trust: 0.8

title: Patch for ABB CP651 HMI Trust Management Issue Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/213421

Trust: 0.6

title: ABB CP651 HMI Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94182

Trust: 0.6

sources: CNVD: CNVD-2020-22286 // JVNDB: JVNDB-2019-014222 // CNNVD: CNNVD-201906-1079

EXTERNAL IDS

db: NVD, id: CVE-2019-10995

Trust: 3.3

db: ICS CERT, id: ICSA-19-178-02

Trust: 2.7

db: BID, id: 108928

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014222

Trust: 0.8

db: CNVD, id: CNVD-2020-22286

Trust: 0.6

db: AUSCERT, id: ESB-2019.2347

Trust: 0.6

db: CNNVD, id: CNNVD-201906-1079

Trust: 0.6

sources: CNVD: CNVD-2020-22286 // BID: 108928 // JVNDB: JVNDB-2019-014222 // CNNVD: CNNVD-201906-1079 // NVD: CVE-2019-10995

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-02

Trust: 2.7

url:http://www.securityfocus.com/bid/108928

Trust: 1.6

url:http://www.abb.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10995

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-10995

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-18994

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2347/

Trust: 0.6

sources: CNVD: CNVD-2020-22286 // BID: 108928 // JVNDB: JVNDB-2019-014222 // CNNVD: CNNVD-201906-1079 // NVD: CVE-2019-10995

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108928

SOURCES

db: CNVD, id: CNVD-2020-22286
db: BID, id: 108928
db: JVNDB, id: JVNDB-2019-014222
db: CNNVD, id: CNNVD-201906-1079
db: NVD, id: CVE-2019-10995

LAST UPDATE DATE

2024-11-23T22:33:36.371000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-22286, date: 2020-04-11T00:00:00
db: BID, id: 108928, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-014222, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-201906-1079, date: 2019-07-04T00:00:00
db: NVD, id: CVE-2019-10995, date: 2024-11-21T04:20:18.987

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-22286, date: 2020-04-11T00:00:00
db: BID, id: 108928, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-014222, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-201906-1079, date: 2019-06-28T00:00:00
db: NVD, id: CVE-2019-10995, date: 2020-01-14T17:15:12.427