CVE-2019-18995

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

CVE-2019-7225

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

EUVD-2019-16769

Malware in sbrugna...

ABB PB610 Panel Builder 600 Use of Hard-Coded Credentials (CVE-2019-7225)

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool Panel Builder 600 to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

ABB (CVE-2019-7229)

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: Utilization of USB/SD Card to flash the device and Remote provisioning process via ABB Panel Builder 600 over FTP. Neither of these transmission methods implements any form of encryption...

ABB PB610 Panel Builder 600 PB610 HMISimulator Component Denial of Service Vulnerability

ABB PB610 Panel Builder 600 is a software for designing graphical user interfaces for the CP600 control panel platform. A security vulnerability in the ABB PB610 Panel Builder 600 PB610 HMIStudio component parsing HTTP requests allows remote attackers to exploit the vulnerability by submitting a...

ABB PB610 Panel Builder 600 PB610 HMISimulator Unauthorized Access Vulnerability

ABB PB610 Panel Builder 600 is a software from ABB Switzerland for designing graphical user interfaces for the CP600 control panel platform.PB610 HMISimulator is one of the PB610 emulator components. A security vulnerability exists in the path configuration of PB610 HMISimulator 2.8.0.424 and...

CVE-2019-18996

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...

CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty .JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service...

CVE-2019-18995

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty .JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service...

Path traversal

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...

Design/Logic Flaw

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

Path traversal

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting...

ABB PB610 HMIStudio accepts malicious DLL file in an application

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...

CVE-2019-18997 PB610 HMISimulator provides interface with access to arbitrary files

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting...

CVE-2019-18997

ABB PB610 Panel Builder 600's HMISimulator component exposes a path traversal vulnerability. In PB610 HMISimulator versions 2.8.0.424 and earlier, the readFile/writeFile interface can manipulate the work file in a way that may allow access to files outside the working directory, enabling unauthor...

CVE-2019-18995

The CVE-2019-18995 issue affects ABB PB610 Panel Builder 600 HMISimulator component, specifically versions 2.8.0.424 and earlier. The root cause is that the HMISimulator fails to validate the HTTP Content-Length header, allowing crafted HTTP requests to trigger a denial-of-service condition. Mult...

CVE-2019-18995 ABB PB610 HMISimulator does not check content-length of the HTTP request

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

ABB PB610 Multiple Security Vulnerabilities

Description ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. An arbitrary code-execution vulnerability 3. An unauthorized file-access vulnerability Attackers can exploit these issues to execute arbitrary code, access or read...