CVE-2019-18995

CWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.9%
top 24.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ABB Pb610 Panel Builder 600
Timeline
PublishedDec 18
Latest updateMay 24

Description

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5abb/pb610_panel_builder_600unspecified2.8.0.424

🔴Vulnerability Details

2
GHSA
GHSA-r8h3-q2qx-f49j: The HMISimulator component of ABB PB610 Panel Builder 600 versions 22022-05-24
CVEList
ABB PB610 HMISimulator does not check content-length of the HTTP request2019-12-18
CVE-2019-18995 (MEDIUM CVSS 5.3) | The HMISimulator component of ABB P | cvebase.io