Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2019-18996— ABB PB610 HMIStudio accepts malicious DLL file in an application

CVSS 7.1 · High EPSS 0.14% · P34
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-18996

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ABB PB610 HMIStudio accepts malicious DLL file in an application
Source: NVD (National Vulnerability Database)
Vulnerability Description
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对候选路径的不恰当保护
Source: NVD (National Vulnerability Database)
Vulnerability Title
ABB PB610 Panel Builder 600 HMIStudio组件代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ABB PB610和ABB PB610 Panel Builder 600都是瑞士ABB公司的一款为CP600控制面板平台设计图形用户界面的软件。 ABB PB610 Panel Builder 600 2.8.0.424及之前版本中的HMIStudio组件存在代码问题漏洞,该漏洞源于路径设置允许接收来自该程序目录之外的DLLs。攻击者可利用该漏洞在该应用程序的上下文中执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
ABBPB610 Panel Builder 600 unspecified ~ 2.8.0.424 -

II. Public POCs for CVE-2019-18996

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-18996

登录查看更多情报信息。

Other References for CVE-2019-18996 (1)

Same Patch Batch · ABB · 2019-12-18 · 4 CVEs total

CVE-2019-189954.3 MEDIUMABB PB610 HMISimulator does not check content-length of the HTTP request
CVE-2019-189974.3 MEDIUMPB610 HMISimulator provides interface with access to arbitrary files
CVE-2019-189943.9 LOWABB PB610 HMIStudio crashes after launching an empty *.JPR application file

IV. Related Vulnerabilities

Same product: PB610 Panel Builder 600
Same vendor: ABB
Same weakness: CWE-424

V. Comments for CVE-2019-18996

No comments yet

Leave a comment