Multiple ABB products are prone to a hard-coded credentials vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 108922
Class: Design Error
CVE: CVE-2019-7225
Remote: Yes
Local: No
Published: Jun 05 2019 12:00AM
Updated: Jun 05 2019 12:00AM
Credit: Xen1thLabs.
Vulnerable:
- ABB CP635-WEB 0
- ABB CP635-B 0
- ABB CP635 0
- ABB CP630-WEB 0
- ABB CP630 0
- ABB CP620-WEB 0
- ABB CP620 0
Not Vulnerable:
References:
- ABB Homepage (ABB)
- XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability (Seclist)
- ICS Advisory (ICSA-19-178-03) (ICS CERT)
- Multiple Vulnerabilities in ABB CP635 HMI (ABB)
from SecurityFocus Vulnerabilities https://ift.tt/2J202Fw