CVE-2019-18996: ABB PB610 HMIStudio accepts malicious DLL file in an application
First published: Wed Dec 18 2019(Updated: )
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ABB Panel Builder 600 | <=2.8.0.424 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18996?
CVE-2019-18996 has been classified with a high severity level due to the potential for remote code execution.
How do I fix CVE-2019-18996?
To fix CVE-2019-18996, upgrade to a version of ABB Panel Builder 600 that is later than 2.8.0.424.
What systems are affected by CVE-2019-18996?
CVE-2019-18996 affects ABB Panel Builder 600 version 2.8.0.424 and earlier.
What type of attack can be executed using CVE-2019-18996?
CVE-2019-18996 allows an attacker to execute arbitrary code due to mishandling of DLL path settings.
Who is at risk from CVE-2019-18996?
Users and administrators of affected versions of ABB Panel Builder 600 are at risk from CVE-2019-18996.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/abb
- canonical/abb panel builder 600
- version/abb panel builder 600/2.8.0.424