Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-7225 (GCVE-0-2019-7225)
Vulnerability from cvelistv5 – Published: 2019-06-27 16:38 – Updated: 2024-08-04 20:46
VLAI?
EPSS
Summary
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190624 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"name": "20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "108922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-01T06:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190624 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"name": "20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "108922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190624 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"name": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/",
"refsource": "MISC",
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"name": "20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "108922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7225",
"datePublished": "2019-06-27T16:38:39",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:45.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-7225\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-27T17:15:15.770\",\"lastModified\":\"2024-11-21T04:47:47.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \\\"Panel Builder 600\\\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.\"},{\"lang\":\"es\",\"value\":\"Los componentes HMI de ABB implementan cuentas administrativas ocultas que se utilizan durante la fase de aprovisionamiento de la interfaz HMI. Estas credenciales permiten que la herramienta de aprovisionamiento \\\"Panel Builder 600\\\" muestre una nueva interfaz y mapeo de etiquetas (bobinas MODBUS) en el HMI. Estas credenciales son la contrase\u00f1a idal123 para la cuenta IdalMaster y la contrase\u00f1a exor para la cuenta exor. Estas credenciales se utilizan tanto en HTTP (S) como en FTP. No hay opci\u00f3n para deshabilitar o cambiar estas credenciales no documentadas. Un atacante puede usar estas credenciales para iniciar sesi\u00f3n en ABB HMI para leer / escribir archivos de configuraci\u00f3n de HMI y tambi\u00e9n para restablecer el dispositivo. Esto afecta a HMI ABB CP635, HMIClient CP600, Panel Builder 600, servidor FTP IDAL, servidor HTTP IDAL y muchos otros componentes HMI.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"1E7480BA-5E10-4B70-82D7-755F09CAD291\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C49C0B1-EFAE-456C-9F8E-3E454B67110D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"876974B2-1EB6-41FC-B2F5-F0C3AE1F43BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84DAB292-C0B2-4BD9-B806-ED12FC6C7A9E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"3B5BEC2B-5E6E-40F3-9E0B-487FB0098F35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CBD8A3B-CEE7-4FA3-959C-E828354B5A05\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"29FE6356-0F2C-43A0-A4BB-E3C4F70A8171\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60F253F-8042-4877-A519-C28459EF6555\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"7C7B5542-C2D2-4A29-9E40-C356883DA309\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77B6E1FC-6DFE-477E-AD49-CE37CEDF27CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"8BC98A8D-6477-471B-8C4E-3F3CB5C6933F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0559D243-6CCB-418F-A78D-3CB202262F38\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"5AB7EEE4-81B8-49C3-B482-243B62A9AEC7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D3AB80B-8AE2-4359-92B9-1465EB244029\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.91\",\"versionEndIncluding\":\"2.8.0.3674\",\"matchCriteriaId\":\"28D5DC67-1218-4AB3-974A-00E798B4BA3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6C4875D-C8BF-459E-8AB3-2CD8A0C6189B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"25522616-145A-4A39-A8C9-3D7998C26F31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"849EBA94-A50E-4CFF-8C79-EA7E7243EAC9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"3832220C-02D2-48B9-8CD2-70FB5D1994D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0691F9D-F6FE-40C2-A538-318F405F47DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"EECDAF37-075D-4AFB-B724-3EB7AA16A302\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8588CE-588A-4C83-BBFE-502E72D006F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"E1A0E882-1EE7-4FE1-AE59-35D02D0332D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF29C1B8-7CC4-4659-95BF-6B7B37AFC298\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"67556F86-148E-4C10-87CE-658927A91FB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8068A1EE-D2A5-43E9-A297-47E9916E040A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"15EA28D1-D2A1-4692-806D-1D0ADF53C762\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C9F98FC-D563-4A3F-B189-BD2FED21039D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"5E7E19FD-9B92-410D-A023-FB68F14B0328\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF8D95A5-31B9-4366-BC56-489715ED7384\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.76\",\"matchCriteriaId\":\"AE6414E4-B285-44C3-8D08-DFAA475E121A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BD27ACE-A1F6-450C-9853-00F0D87A182A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/38\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108922\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
ICSA-19-178-01
Vulnerability from csaf_cisa - Published: 2019-06-27 00:00 - Updated: 2019-06-27 00:00Summary
ABB PB610 Panel Builder 600
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
An attacker who successfully exploits these vulnerabilities could prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node.
Critical infrastructure sectors
Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater
Countries/areas deployed
Worldwide
Company headquarters location
Switzerland
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities. If a control panel with a PB610 HMI application is connected to a network, an attacker who has network access to an affected system node could exploit these vulnerabilities. If the control panel is not connected to a network, an attacker would need to have physical access to an affected system node to exploit these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "Xen1thLabs, a Darkmatter Company",
"summary": "reporting these vulnerabilities to ABB"
},
{
"organization": "United Arab Emirates",
"summary": "reporting these vulnerabilities to ABB"
},
{
"organization": "Abu Dhabi",
"summary": "reporting these vulnerabilities to ABB"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "An attacker who successfully exploits these vulnerabilities could prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. If a control panel with a PB610 HMI application is connected to a network, an attacker who has network access to an affected system node could exploit these vulnerabilities. If the control panel is not connected to a network, an attacker would need to have physical access to an affected system node to exploit these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-178-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-178-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-178-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B"
}
],
"title": "ABB PB610 Panel Builder 600",
"tracking": {
"current_release_date": "2019-06-27T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-178-01",
"initial_release_date": "2019-06-27T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-27T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-178-01 ABB PB610 Panel Builder 600"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP500900R0101 | 1.91 \u003c= 2.8.0.367",
"product": {
"name": "PB610 Panel Builder 600 order code: 1SAP500900R0101 Versions 1.91 \u00e2\u20ac\u00a6 2.8.0.367 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PB610 Panel Builder 600 order code"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7225",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The ABB CP635 HMI component implements hidden administrative accounts used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool Panel Builder 600 to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials.CVE-2019-7225 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7225"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7226",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions.CVE-2019-7226 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7226"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7227",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "The IDAL FTP server fails to ensure directory change requests do not change to locations outside of the root FTP directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory.CVE-2019-7227 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7227"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7228",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.CVE-2019-7228 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7228"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7230",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.CVE-2019-7230 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7230"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7232",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The IDAL HTTP server is vulnerable to a stack-based buffer overflow when a large host header is sent in a HTTP request. The host header value overflows a buffer and can overwrite the Structured Exception Handler (SEH) address with a large chunk of data.CVE-2019-7232 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7232"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2019-7231",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The IDAL FTP server is vulnerable to a buffer overflow when a large string is sent by an authenticated attacker. This overflow is handled, but terminates the process.CVE-2019-7231 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7231"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PB610 Panel Builder 600: v2.8.0.424.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN30: v2.31.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN30V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "To prevent an unauthorized login via a remote client, leave the \u201cForce Remote Login\u201d option of the security settings checked (default setting). In addition, set new users and passwords in the user\u0027s settings for remote clients to \u201cuse different user and password.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to process control systems to authorized personnel,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not have direct connections to the Internet,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Separate from other networks by means of a firewall system with a minimal number of exposed ports,",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "More information on ABB\u0027s recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf"
},
{
"category": "mitigation",
"details": "For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
},
{
"category": "mitigation",
"details": "Information about ABB\u0027s cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.abb.com/cybersecurity"
},
{
"category": "mitigation",
"details": "For more information see ABB\u0027s security advisory 3ADR010377.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
ICSA-19-178-03
Vulnerability from csaf_cisa - Published: 2019-06-27 00:00 - Updated: 2019-06-27 00:00Summary
ABB CP635 HMI
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Switzerland
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "ABB",
"summary": "reporting this vulnerability to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-178-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-178-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-178-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/cas/tips/ST04-014.html"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B"
}
],
"title": "ABB CP635 HMI",
"tracking": {
"current_release_date": "2019-06-27T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-178-03",
"initial_release_date": "2019-06-27T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-27T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-178-03 ABB CP635 HMI"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP520200R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP620-WEB order code: 1SAP520200R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "CP620-WEB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP520100R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP620 order code: 1SAP520100R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "CP620"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP530100R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP630 order code: 1SAP530100R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "CP630"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP535200R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP635-WEB order code: 1SAP535200R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "CP635-WEB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP520100R4001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP620 order code: 1SAP520100R4001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "CP620"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP530200R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP630-WEB order code: 1SAP530200R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "CP630-WEB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP535100R0001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP635 order code: 1SAP535100R0001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "CP635"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP535100R5001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP635 order code: 1SAP535100R5001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "CP635"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1SAP535100R2001 | G1 with BSP \u003c= UN31 1.76",
"product": {
"name": "CP635-B order code: 1SAP535100R2001 revision index G1 with BSP UN31 v1.76 and prior",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "CP635-B"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7225",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The ABB CP635 HMI component implements hidden administrative accounts used during the provisioning phase of the HMI interface.CVE-2019-7225 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7225"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ABB recommends users apply the BSP update on affected CP600 control panels at their earliest convenience.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "New version of PB610 Panel Builder 600 v2.8.0.424, which is provided via Automation Builder 2.2 SP2.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A4167\u0026LanguageCode=de\u0026LanguageCode=en\u0026LanguageCode=es\u0026LanguageCode=fr\u0026LanguageCode=zh\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "New version of BSP (board support package) UN31 v2.31.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=BSPCP600UN31V231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Please see ABB cybersecurity advisory document number 3ADR010376 for more information about this vulnerability, and two other security issues and their mitigations.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/ABB-Advisory_3ADR010376.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
}
]
}
VAR-201906-0215
Vulnerability from variot - Updated: 2024-11-23 21:52The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device.
Affected systems
CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior
Solution
Apply the patches or changes recommended by the vendor in their vulnerability advisories: - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch
Disclosure timeline
04/02/2019 - Contacted ABB requesting disclosure coordination 05/02/2019 - Provided vulnerability details 05/06/2019 - Patch available 17/06/2019 - xen1thLabs public disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp661",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp676-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635-b",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp661-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "1.91"
},
{
"model": "cp676",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.3674"
},
{
"model": "cp651",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp651-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp620-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-b",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp651-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp661",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6002.8.0.367"
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6001.91"
},
{
"model": "cp635-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635-b",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 b",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pb610",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651 web",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:cp620_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp620-web_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp630-web_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp635_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp635-b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp635-web_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp651-web_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:cp661_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:pb610_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xen1thLabs,Xen1thLabs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-7225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-19833",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-158660",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-7225",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7225",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7225",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7225",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158660",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device. \n\n\nAffected systems\n----------------\nCP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior\nCP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior\nPB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior\nCP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior\n\n\nSolution\n--------\nApply the patches or changes recommended by the vendor in their vulnerability advisories:\n - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n\nDisclosure timeline\n-------------------\n04/02/2019 - Contacted ABB requesting disclosure coordination\n05/02/2019 - Provided vulnerability details\n05/06/2019 - Patch available\n17/06/2019 - xen1thLabs public disclosure\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "PACKETSTORM",
"id": "153397"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7225",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "153397",
"trust": 2.4
},
{
"db": "BID",
"id": "108922",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2019060154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2348",
"trust": 0.6
},
{
"db": "IVD",
"id": "81E5E7B5-957E-48A4-ADE8-19B359B65CB3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"id": "VAR-201906-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
}
],
"trust": 1.5566666599999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
}
]
},
"last_update_date": "2024-11-23T21:52:11.991000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "ABBHMIHardcodedCredentials file read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/165657"
},
{
"title": "ABB PB610 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94029"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/153397/abb-hmi-hardcoded-credentials.html"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2019/jun/38"
},
{
"trust": 2.5,
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108922"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-03"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
},
{
"trust": 0.9,
"url": "http://www.abb.com/"
},
{
"trust": 0.9,
"url": "https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/abb-advisory_3adr010376.pdf"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019060154"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2348/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2019-06-21T18:32:22",
"db": "PACKETSTORM",
"id": "153397"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"date": "2019-06-27T17:15:15.770000",
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2020-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
},
{
"date": "2024-11-21T04:47:47.397000",
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB HMI Vulnerability in using hard-coded credentials in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
}
}
CNVD-2019-19833
Vulnerability from cnvd - Published: 2019-06-28
VLAI Severity ?
Title
ABB HMI Hardcoded Credentials文件读取漏洞
Description
ABB PB610是瑞士ABB公司的一款为CP600控制面板平台设计图形用户界面的软件。
ABB HMI Hardcoded Credentials存在文件读取漏洞,攻击者可借助硬编码凭证利用该漏洞对HMI配置文件进行读写操作并重置设备。
Severity
高
Patch Name
ABB HMI Hardcoded Credentials文件读取漏洞的补丁
Patch Description
ABB PB610是瑞士ABB公司的一款为CP600控制面板平台设计图形用户界面的软件。
ABB HMI Hardcoded Credentials存在文件读取漏洞,攻击者可借助硬编码凭证利用该漏洞对HMI配置文件进行读写操作并重置设备。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://library.e.abb.com/public/b0021d2ab9ba4e3ab14d7c2796f5908e/ABB-Advisory_3ADR010377_2.pdf
Reference
https://cxsecurity.com/issue/WLB-2019060154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7225
https://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html
Impacted products
| Name | ['ABB PB610 Panel Builder 600 2.8.0.367', 'ABB PB610 Panel Builder 600 1.91'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-7225",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-7225"
}
},
"description": "ABB PB610\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u6b3e\u4e3aCP600\u63a7\u5236\u9762\u677f\u5e73\u53f0\u8bbe\u8ba1\u56fe\u5f62\u7528\u6237\u754c\u9762\u7684\u8f6f\u4ef6\u3002\n\nABB HMI Hardcoded Credentials\u5b58\u5728\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u786c\u7f16\u7801\u51ed\u8bc1\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9HMI\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u8bfb\u5199\u64cd\u4f5c\u5e76\u91cd\u7f6e\u8bbe\u5907\u3002",
"discovererName": "xen1thLabs - Software Labs",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://library.e.abb.com/public/b0021d2ab9ba4e3ab14d7c2796f5908e/ABB-Advisory_3ADR010377_2.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-19833",
"openTime": "2019-06-28",
"patchDescription": "ABB PB610\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u6b3e\u4e3aCP600\u63a7\u5236\u9762\u677f\u5e73\u53f0\u8bbe\u8ba1\u56fe\u5f62\u7528\u6237\u754c\u9762\u7684\u8f6f\u4ef6\u3002\r\n\r\nABB HMI Hardcoded Credentials\u5b58\u5728\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u786c\u7f16\u7801\u51ed\u8bc1\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9HMI\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u8bfb\u5199\u64cd\u4f5c\u5e76\u91cd\u7f6e\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "ABB HMI Hardcoded Credentials\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"ABB PB610 Panel Builder 600 2.8.0.367",
"ABB PB610 Panel Builder 600 1.91"
]
},
"referenceLink": "https://cxsecurity.com/issue/WLB-2019060154\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7225\r\nhttps://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html",
"serverity": "\u9ad8",
"submitTime": "2019-06-26",
"title": "ABB HMI Hardcoded Credentials\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}
FKIE_CVE-2019-7225
Vulnerability from fkie_nvd - Published: 2019-06-27 17:15 - Updated: 2024-11-21 04:47
Severity ?
Summary
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jun/38 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/108922 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jun/38 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108922 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/ | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | cp620_firmware | * | |
| abb | cp620 | - | |
| abb | cp620-web_firmware | * | |
| abb | cp620-web | - | |
| abb | cp630_firmware | * | |
| abb | cp630 | - | |
| abb | cp630-web_firmware | * | |
| abb | cp630-web | - | |
| abb | cp635_firmware | * | |
| abb | cp635 | - | |
| abb | cp635-b_firmware | * | |
| abb | cp635-b | - | |
| abb | cp635-web_firmware | * | |
| abb | cp635-web | - | |
| abb | pb610_firmware | * | |
| abb | pb610 | - | |
| abb | cp651-web_firmware | * | |
| abb | cp651-web | - | |
| abb | cp661_firmware | * | |
| abb | cp661 | - | |
| abb | cp661-web_firmware | * | |
| abb | cp661-web | - | |
| abb | cp665_firmware | * | |
| abb | cp665 | - | |
| abb | cp665-web_firmware | * | |
| abb | cp665-web | - | |
| abb | cp676_firmware | * | |
| abb | cp676 | - | |
| abb | cp676-web_firmware | * | |
| abb | cp676-web | - | |
| abb | cp651_firmware | * | |
| abb | cp651 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7480BA-5E10-4B70-82D7-755F09CAD291",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C49C0B1-EFAE-456C-9F8E-3E454B67110D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876974B2-1EB6-41FC-B2F5-F0C3AE1F43BF",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84DAB292-C0B2-4BD9-B806-ED12FC6C7A9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5BEC2B-5E6E-40F3-9E0B-487FB0098F35",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBD8A3B-CEE7-4FA3-959C-E828354B5A05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29FE6356-0F2C-43A0-A4BB-E3C4F70A8171",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B60F253F-8042-4877-A519-C28459EF6555",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B5542-C2D2-4A29-9E40-C356883DA309",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E1FC-6DFE-477E-AD49-CE37CEDF27CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC98A8D-6477-471B-8C4E-3F3CB5C6933F",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0559D243-6CCB-418F-A78D-3CB202262F38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7EEE4-81B8-49C3-B482-243B62A9AEC7",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3AB80B-8AE2-4359-92B9-1465EB244029",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D5DC67-1218-4AB3-974A-00E798B4BA3F",
"versionEndIncluding": "2.8.0.3674",
"versionStartIncluding": "1.91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C4875D-C8BF-459E-8AB3-2CD8A0C6189B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25522616-145A-4A39-A8C9-3D7998C26F31",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "849EBA94-A50E-4CFF-8C79-EA7E7243EAC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3832220C-02D2-48B9-8CD2-70FB5D1994D1",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0691F9D-F6FE-40C2-A538-318F405F47DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EECDAF37-075D-4AFB-B724-3EB7AA16A302",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8588CE-588A-4C83-BBFE-502E72D006F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A0E882-1EE7-4FE1-AE59-35D02D0332D3",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF29C1B8-7CC4-4659-95BF-6B7B37AFC298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67556F86-148E-4C10-87CE-658927A91FB2",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8068A1EE-D2A5-43E9-A297-47E9916E040A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15EA28D1-D2A1-4692-806D-1D0ADF53C762",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9F98FC-D563-4A3F-B189-BD2FED21039D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7E19FD-9B92-410D-A023-FB68F14B0328",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8D95A5-31B9-4366-BC56-489715ED7384",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE6414E4-B285-44C3-8D08-DFAA475E121A",
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD27ACE-A1F6-450C-9853-00F0D87A182A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components."
},
{
"lang": "es",
"value": "Los componentes HMI de ABB implementan cuentas administrativas ocultas que se utilizan durante la fase de aprovisionamiento de la interfaz HMI. Estas credenciales permiten que la herramienta de aprovisionamiento \"Panel Builder 600\" muestre una nueva interfaz y mapeo de etiquetas (bobinas MODBUS) en el HMI. Estas credenciales son la contrase\u00f1a idal123 para la cuenta IdalMaster y la contrase\u00f1a exor para la cuenta exor. Estas credenciales se utilizan tanto en HTTP (S) como en FTP. No hay opci\u00f3n para deshabilitar o cambiar estas credenciales no documentadas. Un atacante puede usar estas credenciales para iniciar sesi\u00f3n en ABB HMI para leer / escribir archivos de configuraci\u00f3n de HMI y tambi\u00e9n para restablecer el dispositivo. Esto afecta a HMI ABB CP635, HMIClient CP600, Panel Builder 600, servidor FTP IDAL, servidor HTTP IDAL y muchos otros componentes HMI."
}
],
"id": "CVE-2019-7225",
"lastModified": "2024-11-21T04:47:47.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-27T17:15:15.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108922"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-QH2P-23VC-R8QP
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-05-16 12:30
VLAI?
Details
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-7225"
],
"database_specific": {
"cwe_ids": [
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-27T17:15:00Z",
"severity": "MODERATE"
},
"details": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.",
"id": "GHSA-qh2p-23vc-r8qp",
"modified": "2023-05-16T12:30:19Z",
"published": "2022-05-24T16:48:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7225"
},
{
"type": "WEB",
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108922"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-7225
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-7225",
"description": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.",
"id": "GSD-2019-7225"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-7225"
],
"details": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.",
"id": "GSD-2019-7225",
"modified": "2023-12-13T01:23:46.614886Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190624 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"name": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/",
"refsource": "MISC",
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"name": "20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "108922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108922"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0.3674",
"versionStartIncluding": "1.91",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7225"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html"
},
{
"name": "20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/38"
},
{
"name": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"name": "108922",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108922"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-05-16T11:15Z",
"publishedDate": "2019-06-27T17:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…