CVE-2019-18997: PB610 HMISimulator provides interface with access to arbitrary files
First published: Wed Dec 18 2019(Updated: )
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ABB Panel Builder 600 | <=2.8.0.424 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18997?
CVE-2019-18997 has a medium severity rating due to the potential for unauthorized file access.
How do I fix CVE-2019-18997?
To mitigate CVE-2019-18997, upgrade ABB PB610 Panel Builder 600 to a version later than 2.8.0.424.
Which versions of ABB PB610 Panel Builder 600 are affected by CVE-2019-18997?
All versions of ABB PB610 Panel Builder 600 up to and including version 2.8.0.424 are affected by CVE-2019-18997.
What type of vulnerability is CVE-2019-18997?
CVE-2019-18997 is a directory traversal vulnerability that can allow access to files outside the intended directory.
Are there any known exploits for CVE-2019-18997?
As of now, there are no publicly known exploits specifically targeting CVE-2019-18997.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/abb
- canonical/abb panel builder 600
- version/abb panel builder 600/2.8.0.424