ABB PB610 HMIStudio accepts malicious DLL file in an application
CVE-2019-18996
7.1 HIGH
What is CVE-2019-18996?
Path settings in the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system to execute code in the application’s context.
Affected Version(s)
PB610 Panel Builder 600 <= 2.8.0.424
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
NSFOCUS for providing vulnerability details and proof of concept.