CVE-2019-18250
First published: Mon Nov 25 2019(Updated: )
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Plant Connect | ||
| ABB 800xA Information Manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18250?
The severity of CVE-2019-18250 is critical due to the potential for remote authentication bypass.
How do I fix CVE-2019-18250?
To fix CVE-2019-18250, apply the latest security updates provided by ABB for both Power Generation Information Manager and Plant Connect.
What are the affected systems for CVE-2019-18250?
CVE-2019-18250 affects all versions of ABB Power Generation Information Manager and Plant Connect.
Can CVE-2019-18250 lead to credential theft?
Yes, CVE-2019-18250 allows an attacker to bypass authentication and potentially extract credentials from the affected devices.
Is there a workaround for CVE-2019-18250?
Currently, there are no known workarounds for CVE-2019-18250; updating to the latest version is the recommended mitigation.
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/abb
- canonical/abb plant connect
- canonical/abb 800xa information manager