Pb610 Panel Builder 600 Firmware
CVE-2019-7231
MEDIUM
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
AnalysisAI
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server. Affected products include: Abb Pb610 Panel Builder 600 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD .
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today