What is the severity of CVE-2019-7226?

CVE-2019-7226 is considered to be of high severity due to its potential for unauthorized access to privileged functions.

How do I fix CVE-2019-7226?

To fix CVE-2019-7226, update the ABB PB610 Panel Builder 600 firmware to a version later than 2.8.0.367.

Who is affected by CVE-2019-7226?

Users of the ABB PB610 Panel Builder 600 firmware versions between 1.91 and 2.8.0.367 are affected by CVE-2019-7226.

What does CVE-2019-7226 exploit?

CVE-2019-7226 exploits a vulnerability in the ABB IDAL HTTP server's CGI interface that allows authentication bypass.

Is authentication required to exploit CVE-2019-7226?

No, CVE-2019-7226 allows unauthenticated attackers to exploit the vulnerability.

Vulnerability/
CVE-2019-7226

high

8.8

CWE

287

27/6/2019

4/8/2024

CVE-2019-7226

First published: Thu Jun 27 2019(Updated: )

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ABB PB610 Panel Builder 600 Firmware	>=1.91<=2.8.0.367
ABB Panel Builder 600

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7226?
CVE-2019-7226 is considered to be of high severity due to its potential for unauthorized access to privileged functions.
How do I fix CVE-2019-7226?
To fix CVE-2019-7226, update the ABB PB610 Panel Builder 600 firmware to a version later than 2.8.0.367.
Who is affected by CVE-2019-7226?
Users of the ABB PB610 Panel Builder 600 firmware versions between 1.91 and 2.8.0.367 are affected by CVE-2019-7226.
What does CVE-2019-7226 exploit?
CVE-2019-7226 exploits a vulnerability in the ABB IDAL HTTP server's CGI interface that allows authentication bypass.
Is authentication required to exploit CVE-2019-7226?
No, CVE-2019-7226 allows unauthenticated attackers to exploit the vulnerability.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/abb
canonical/abb pb610 panel builder 600 firmware
version/abb pb610 panel builder 600 firmware/1.91
version/abb pb610 panel builder 600 firmware/2.8.0.367
canonical/abb panel builder 600

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.