CVE-2019-18253
published 2019-11-27CVE-2019-18253: An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670…
PriorityP260critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
1.98%
78.1th percentile
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachienergy | relion_670_firmware | < 1p1r26 | 1p1r26 |
| hitachienergy | relion_670_firmware | >= 1.2 < 1.2.3.17 | 1.2.3.17 |
| hitachienergy | relion_670_firmware | >= 2.0 < 2.0.0.10 | 2.0.0.10 |
| hitachienergy | relion_670_firmware | >= 2.1 < 2.1.0.1 | 2.1.0.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect path traversal exploitation attempts targeting ABB Relion 670 Series devices via IEC 61850 MMS protocol on TCP port 102 — look for specially crafted paths in MMS requests that traverse outside the intended directory. ↗
- →Monitor for unexpected file read or delete operations on ABB Relion 670 Series devices, particularly those arriving over MMS (TCP/102) from hosts outside the expected ICS network zone. ↗
- →Alert on any MMS traffic to TCP/102 originating from untrusted or external network segments toward Relion 670 Series devices, as the vulnerability is exploitable remotely with no authentication required (PR:N, UI:N). ↗
- ·No known public exploits exist for this CVE at time of advisory publication, reducing immediate exploitation likelihood but not eliminating risk. ↗
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qjjj-g2xr-56qr: An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1
ghsa_unreviewed·2022-05-24
CVE-2019-18253 [HIGH] CWE-22 GHSA-qjjj-g2xr-56qr: An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
CISA ICS
ABB Relion 670 Series
cisa_ics·2019-11-26·CVSS 10.0
[CRITICAL] ABB Relion 670 Series
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ABB Relion 670 Series
Last RevisedNovember 26, 2019
Alert CodeICSA-19-330-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: ABB
- Equipment: Relion 670 Series
- Vulnerability: Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Relion 670 series, a protection and control device, are affected:
- Relion 670 series versions 1p1r26 and prior
- R
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-27
Published