CVE-2019-7232

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGH

EPSS

7.4%

top 8.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Pb610 Panel Builder 600 Firmware

Timeline

PublishedJun 24

Latest updateMay 24

Description

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDabb/pb610_panel_builder_600_firmware1.91 — 2.8.0.367

Patches

Patch: search.abb.com ↗Patch: search.abb.com ↗

🔴Vulnerability Details

GHSA

GHSA-cg5v-gm33-jwmv: The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request↗2022-05-24

▶

CVEList

CVE-2019-7232: The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request↗2019-06-24

▶