CVE-2019-7229
First published: Mon Jun 24 2019(Updated: )
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ABB Board Support Package Un31 | <2.31 | |
| Abb CP620-Web Firmware | <2.8.0.424 | |
| ABB Relion 620 | ||
| ABB CP620 Firmware | <2.8.0.424 | |
| Abb Cp620-web Firmware | ||
| ABB CP630-web | <2.0.8.424 | |
| Abb Cp630 Firmware | ||
| ABB CP630-web | <2.8.0.424 | |
| Abb Cp630 Firmware | ||
| ABB CP635 Firmware | <2.8.0.424 | |
| ABB CP635 Firmware | ||
| ABB CP635 | <2.8.0.424 | |
| ABB CP635 | ||
| ABB CP635-web | <2.8.0.424 | |
| ABB CP635-web Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/153387/ABB-HMI-Missing-Signature-Verification.html
- http://seclists.org/fulldisclosure/2019/Jun/34
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch
- https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/
Frequently Asked Questions
What is the severity of CVE-2019-7229?
CVE-2019-7229 has been assigned a severity score, indicating a potential security risk due to inadequate encryption in firmware updates.
How do I fix CVE-2019-7229?
To fix CVE-2019-7229, ensure firmware updates are signed and implement encryption during the update process.
Which devices are affected by CVE-2019-7229?
CVE-2019-7229 affects various ABB CP635 firmware versions, including CP620, CP630, and their web counterparts.
What are the risks associated with CVE-2019-7229?
The risks of CVE-2019-7229 include potential unauthorized firmware modifications and compromised system integrity.
Is there a workaround for CVE-2019-7229?
A workaround for CVE-2019-7229 is to limit firmware update access and monitor for unauthorized changes.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/references
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/abb
- canonical/abb board support package un31
- canonical/abb cp620-web firmware
- canonical/abb relion 620
- canonical/abb cp620 firmware
- canonical/abb cp630-web
- canonical/abb cp630 firmware
- canonical/abb cp635 firmware
- canonical/abb cp635
- canonical/abb cp635-web
- canonical/abb cp635-web firmware