Buffer Overflow Vulnerability in ABB IDAL FTP Server
CVE-2019-7231

5.7MEDIUM

Key Information:

Vendor

Abb

Status
Pb610 Panel Builder 600 Firmware
Vendor
CVE Published:
24 June 2019

What is CVE-2019-7231?

The ABB IDAL FTP server is vulnerable to a buffer overflow that occurs when an authenticated attacker sends a lengthy FTP command string. Specifically, by submitting a command string of 472 bytes or more, the attacker can overflow the server's buffer. This leads to an exception that ultimately terminates the server process, potentially disrupting service and exposing the system to further threats.

References

https://www.darkmatter.ae/xen1thlabs/published-advisories/
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jun/35
mailing-listx_refsource_FULLDISC
https://search.abb.com/library/Download.aspx?DocumentID=3...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-7231 : Buffer Overflow Vulnerability in ABB IDAL FTP Server