Uncontrolled Format String Vulnerability in ABB IDAL FTP Server
CVE-2019-7230

8.8HIGH

Key Information:

Vendor

Abb

Status
Pb610 Panel Builder 600 Firmware
Vendor
CVE Published:
24 June 2019

What is CVE-2019-7230?

The ABB IDAL FTP Server is susceptible to an uncontrolled format string vulnerability during the authentication process. This issue can be triggered by supplying a specially crafted username that exploits format strings. For instance, a username formatted as %s%p%x%d can lead to a server crash, while an input like %08x.AAAA.%08x.%08x may expose sensitive memory content from the stack, potentially revealing critical information to attackers.

References

https://www.darkmatter.ae/xen1thlabs/published-advisories/
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jun/33
mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2019/Jun/33
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-7230 : Uncontrolled Format String Vulnerability in ABB IDAL FTP Server