cbcvebase.
CVE-2019-18250
published 2019-11-26

CVE-2019-18250: In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.68%
74.0th percentile
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability allows authentication bypass via an alternate path or channel (CWE-288), enabling remote credential extraction from ABB PGIM and Plant Connect devices — monitor for unauthenticated remote access attempts to these platforms followed by credential-related activity.
  • The vulnerability is remotely exploitable with no authentication and low skill level required (CVSS v3 9.8, AV:N/AC:L/PR:N/UI:N); prioritize network-level detection of unsolicited inbound connections to PGIM/Plant Connect services.
  • ·No known public exploits specifically target this vulnerability at time of advisory publication, limiting the ability to build signature-based detections from known exploit traffic.
  • ·ABB advises against reusing Windows login credentials for PGIM/Plant Connect application login; if the same credentials are in use, extracted credentials may grant broader Windows-level access — scope incident response accordingly.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.