HIGH🇵🇱 Wersja polska

CVE-2019-7232

CVSS 8.8v3.1pub. 2019-06-24upd. 2024-11-21

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Abb Pb610 Panel Builder 600

    HW
    Abb
    wszystkie wersje
  • Abb Pb610 Panel Builder 600 Firmware

    OS
    Abb
    1.91 – 2.8.0.367
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassMemory
CWE
References

Related vulnerabilities

CVE-2019-18996HIGH7.1ten sam produkt

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs...

CVE-2019-7227HIGH7.3ten sam produkt

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk w...

CVE-2019-7228HIGH8.8ten sam produkt

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. ...

CVE-2019-7226HIGH8.8ten sam produkt

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authen...

CVE-2019-7230HIGH8.8ten sam produkt

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting ...