Lucene search

ABBCVELIST:CVE-2019-18996

HistoryDec 18, 2019 - 8:24 p.m.

CVE-2019-18996 ABB PB610 HMIStudio accepts malicious DLL file in an application

2019-12-1820:24:44

CWE-424

ABB

www.cve.org

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

0.001 Low

EPSS

Percentile

31.5%

JSON

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.

CNA Affected

[
  {
    "product": "PB610 Panel Builder 600",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "2.8.0.424",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVELIST:CVE-2019-18996