CVE-2019-18250
published 2019-11-26CVE-2019-18250: In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may…
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.68%
74.0th percentile
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability allows authentication bypass via an alternate path or channel (CWE-288), enabling remote credential extraction from ABB PGIM and Plant Connect devices — monitor for unauthenticated remote access attempts to these platforms followed by credential-related activity. ↗
- →The vulnerability is remotely exploitable with no authentication and low skill level required (CVSS v3 9.8, AV:N/AC:L/PR:N/UI:N); prioritize network-level detection of unsolicited inbound connections to PGIM/Plant Connect services. ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication, limiting the ability to build signature-based detections from known exploit traffic. ↗
- ·ABB advises against reusing Windows login credentials for PGIM/Plant Connect application login; if the same credentials are in use, extracted credentials may grant broader Windows-level access — scope incident response accordingly. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h2w7-hfq4-7xgx: In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, whi
ghsa_unreviewed·2022-05-24
CVE-2019-18250 [HIGH] CWE-287 GHSA-h2w7-hfq4-7xgx: In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, whi
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
CISA ICS
ABB Power Generation Information Manager (PGIM) and Plant Connect
cisa_ics·2019-11-14·CVSS 9.8
[CRITICAL] ABB Power Generation Information Manager (PGIM) and Plant Connect
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ABB Power Generation Information Manager (PGIM) and Plant Connect
Last RevisedNovember 14, 2019
Alert CodeICSA-19-318-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: ABB
- Equipment: Power Generation Information Manager (PGIM) and Plant Connect
- Vulnerability: Authentication Bypass Using an Alternate Path or Channel
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device.
## 3. TECHNICAL DETAILS
## 3.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-26
Published