CVE-2019-18994

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 48.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ABB ABB Pb610 Panel Builder 600ABB Pb610 Panel Builder 600
Timeline
PublishedDec 18
Latest updateMay 24

Description

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:LExploitability: 1.3 | Impact: 2.5

Affected Packages2 packages

CVEListV5abb/abb_pb610_panel_builder_600unspecified2.8.0.424

🔴Vulnerability Details

2
GHSA
GHSA-6m98-5g77-284r: Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 22022-05-24
CVEList
ABB PB610 HMIStudio crashes after launching an empty *.JPR application file2019-12-18
CVE-2019-18994 (MEDIUM CVSS 6.5) | Due to a lack of file length check | cvebase.io