CVE-2019-7231

CWE-119 — Buffer Overflow3 documents3 sources

Severity

5.7MEDIUM

EPSS

1.9%

top 16.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Pb610 Panel Builder 600 Firmware

Timeline

PublishedJun 24

Latest updateMay 24

Description

The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages1 packages

▶NVDabb/pb610_panel_builder_600_firmware1.91 — 2.8.0.367

Patches

Patch: search.abb.com ↗Patch: search.abb.com ↗

🔴Vulnerability Details

GHSA

GHSA-6chp-wcgf-65jm: The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker↗2022-05-24

▶

CVEList

CVE-2019-7231: The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker↗2019-06-24

▶