Uncontrolled Format String Vulnerability in ABB IDAL HTTP Server
CVE-2019-7228

8.8HIGH

Key Information:

Vendor

Abb

Status
Pb610 Panel Builder 600 Firmware
Vendor
CVE Published:
27 June 2019

What is CVE-2019-7228?

The ABB IDAL HTTP server has a vulnerability that arises from improper handling of format strings which can occur during the authentication process. Specifically, if an attacker attempts to authenticate using crafted usernames or cookies, this can lead to a system crash. Additionally, sending specific format strings can inadvertently expose sensitive memory data, revealing stack content and potentially compromising system integrity. This vulnerability represents a significant security risk for users of the Abb IDAL HTTP Server.

References

http://seclists.org/fulldisclosure/2019/Jun/43
mailing-listx_refsource_FULLDISC
https://search.abb.com/library/Download.aspx?DocumentID=3...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/153404/ABB-IDAL-HTTP...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-7228 : Uncontrolled Format String Vulnerability in ABB IDAL HTTP Server