Path Traversal Vulnerability in ABB IDAL FTP Server
CVE-2019-7227
7.3 HIGH
What is CVE-2019-7227?
The ABB IDAL FTP server is susceptible to a path traversal vulnerability that allows authenticated attackers to navigate to arbitrary directories on the server. By issuing the 'CWD ../' command, they can use the FTP functionality to upload and download files in unauthorized locations. Additionally, an unauthenticated user can log in with the default credentials (exor/exor), which further increases the risk of exploitation.
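The check that a `CWD` handler needs in order to refuse `CWD ../` at the FTP root is sketched below. This is an added example, not code from ABB or the IDAL server; `resolve_cwd`, `to_real_path` and `TraversalError` are hypothetical names, and the backslash handling assumes a host that accepts both separators.

```python
import os
import posixpath
import tempfile


class TraversalError(ValueError):
    """Raised when a path would leave the FTP root."""


def resolve_cwd(current: str, arg: str) -> str:
    """Return the new virtual directory for `CWD arg` ("/" is the FTP root)."""
    if "\x00" in arg:
        raise TraversalError("NUL byte in path")
    # Assumption: the host also accepts backslashes, so fold them first.
    arg = arg.replace("\\", "/")
    target = arg if arg.startswith("/") else posixpath.join(current, arg)
    parts = []
    for seg in target.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                # Refuse instead of silently clamping to "/", so the attempt is visible.
                raise TraversalError(f"CWD {arg!r} escapes the FTP root")
            parts.pop()
        else:
            parts.append(seg)
    return "/" + "/".join(parts)


def to_real_path(root: str, virtual: str) -> str:
    """Map a virtual directory to disk and re-check after symlink resolution."""
    root_real = os.path.realpath(root)
    real = os.path.realpath(os.path.join(root_real, virtual.lstrip("/")))
    if os.path.commonpath([root_real, real]) != root_real:
        raise TraversalError(f"{virtual!r} resolves outside the FTP root")
    return real


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed stand-in for the FTP root
    for cur, arg in [("/", "logs"), ("/logs", ".."), ("/", "../"), ("/logs", "..\\..\\")]:
        try:
            new = resolve_cwd(cur, arg)
            print(f"CWD {arg!r} from {cur!r} -> 250 {new} ({to_real_path(root, new)})")
        except TraversalError as exc:
            print(f"CWD {arg!r} from {cur!r} -> 550 {exc}")
```

The same resolved path should be used for every later command in the session (upload, download, listing), so that no handler works from the raw client-supplied string.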