Vulnerability Name:
CVE-2018-10616 (CCN-146616)
Assigned:
2018-07-17
Published:
2018-07-17
Updated:
2019-10-09
Summary:
ABB Panel Builder 800, all versions, has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
CVSS v3 Severity:
7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS v2 Severity:
9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
High
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
Vulnerability Type:
CWE-20
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2018-10616
Source: CONFIRM
Type: Vendor Advisory
http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch
Source: BID
Type: Broken Link
104882
Source: CCN
Type: BID-104882
ABB Panel Builder 800 CVE-2018-10616 Remote Code Execution Vulnerability
Source: XF
Type: UNKNOWN
abb-cve201810616-code-exec(146616)
Source: CCN
Type: ICSA-18-198-01
ABB Panel Builder 800
Source: MISC
Type: Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01
Source: CCN
Type: ABB Web site
SECURITY - Panel Builder 800, Improper input validation vulnerability
Source: CCN
Type: ZDI-18-882
ABB Panel Builder Begalil IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-883
ABB Panel Builder Becomli CommandLineOptions Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-884
ABB Panel Builder ModBus AC500 UserSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-885
ABB Panel Builder BEMBSlave ComErrorIO Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-886
ABB Panel Builder BeMod_BeckHoff Node1 Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-887
ABB Panel Builder BeModBus TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-888
ABB Panel Builder beabethsc IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-889
ABB Panel Builder BEMBSlave MapIO Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-891
ABB Panel Builder BeomronFins FINSIPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-892
ABB Panel Builder BeMMS IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-893
ABB Panel Builder beDVT IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-894
ABB Panel Builder BeECOM IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-895
ABB Panel Builder SIMATIC_TI500 UserSettings Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-896
ABB Panel Builder BEControlLogix IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-897
ABB Panel Builder beFesto IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-898
ABB Panel Builder Animatics_SmartMotor UserSettings Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-899
ABB Panel Builder BeModBus CommandLineOptions Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-900
ABB Panel Builder Allen Bradley MicroLogix TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerabilities
Source: CCN
Type: ZDI-18-901
ABB Panel Builder UserSettings Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-902
ABB Panel Builder beOMRON TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-903
ABB Panel Builder bes7mpidirect ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-904
ABB Panel Builder beSaia_Ethernet IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-905
ABB Panel Builder bemodbus TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-906
ABB Panel Builder bemodbus Nodes Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-907
ABB Panel Builder bemodbus ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-908
ABB Panel Builder BEYaskawaSMC IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-909
ABB Panel Builder KEB_COMBIVERT_Pre UserSettings Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-910
ABB Panel Builder Yaskawa_FSP_Pre StationsList Stack-based Buffer Overflow Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-911
ABB Panel Builder SIMATIC_S5_3964R_Pre UserSettings Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-912
ABB Panel Builder YAMAHA_VIP_robot_Pre Format String Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-18-914
ABB Panel Builder ModBus Beckhoff ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
Vulnerable Configuration:
Configuration 1:
cpe:/a:abb:panel_builder_800:-:*:*:*:*:*:*:*
abb
panel builder 800 -