CVE-2019-7229

Published: 24/06/2019 Updated: 01/01/2022
CVSS v2 Base Score: 5.4 | Impact Score: 6.4 | Exploitability Score: 5.5
CVSS v3 Base Score: 8.3 | Impact Score: 6 | Exploitability Score: 1.6
VMScore: 481
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.

Vulnerable Product

abb board support package un31

abb cp620_firmware

abb cp620-web_firmware

abb cp630_firmware

abb cp630-web_firmware

abb cp635_firmware

abb cp635-b_firmware

abb cp635-web_firmware

Exploits

ABB HMI fails to perform any signature validation checking during two different transmission methods for upgrade ...

Mailing Lists

Full Disclosure mailing list archives: XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability ...