{"containers": {"cna": {"affected": [{"product": "PB610 Panel Builder 600", "vendor": "ABB", "versions": [{"lessThanOrEqual": "2.8.0.424", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "NSFOCUS for providing vulnerability details and proof of concept."}], "descriptions": [{"lang": "en", "value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T20:22:47", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"defect": ["ABBVU-RAMF-1908004"], "discovery": "UNKNOWN"}, "title": "PB610 HMISimulator provides interface with access to arbitrary files", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "ID": "CVE-2019-18997", "STATE": "PUBLIC", "TITLE": "PB610 HMISimulator provides interface with access to arbitrary files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PB610 Panel Builder 600", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.8.0.424"}]}}]}, "vendor_name": "ABB"}]}}, "credit": [{"lang": "eng", "value": "NSFOCUS for providing vulnerability details and proof of concept."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-424 Improper Protection of Alternate Path"}]}]}, "references": {"reference_data": [{"name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "source": {"defect": ["ABBVU-RAMF-1908004"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.800Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2019-18997", "datePublished": "2019-12-18T20:22:47", "dateReserved": "2019-11-15T00:00:00", "dateUpdated": "2024-08-05T02:02:39.800Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:pb610_panel_builder_600:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9714CC-B58C-4D3E-A618-8C8146032D6B", "versionEndIncluding": "2.8.0.424", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."}, {"lang": "es", "value": "El componente HMISimulator de ABB PB610 Panel Builder 600 utiliza la interfaz readFile/writeFile para manipular el archivo de trabajo. La configuraci\u00f3n de ruta en PB610 HMISimulator versiones 2.8.0.424 y anteriores, permite potencialmente el acceso a archivos fuera del directorio de trabajo, lo que potencialmente admite el acceso a archivos no autorizados."}], "id": "CVE-2019-18997", "lastModified": "2024-11-21T04:33:57.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-18T21:15:13.630", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Exploit", "Vendor Advisory"], "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}