admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-72xx/CVE-2019-7229.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

339 lines
9.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-7229",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-24T18:15:11.107",
"lastModified": "2022-01-01T20:17:29.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: \"Utilization of USB/SD Card to flash the device\" and \"Remote provisioning process via ABB Panel Builder 600 over FTP.\" Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files."
},
{
"lang": "es",
"value": "La HMI CP635 de ABB usa dos m\u00e9todos de transmisi\u00f3n diferentes para actualizar su firmware y sus componentes de software: \"Utilization of USB/SD Card to flash the device\" y \"Remote provisioning process via ABB Panel Builder 600 over FTP.\". Ninguno de estos m\u00e9todos de transmisi\u00f3n implementa ninguna forma de cifrado o comprobaci\u00f3n de autenticidad contra los nuevos archivos binarios del software HMI del firmware."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:abb:board_support_package_un31:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.31",
"matchCriteriaId": "7BE32FB5-E494-40F1-8B31-1A1A38D02674"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "A06C8DC8-A9DD-4E58-A42F-E0BC0460475F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C49C0B1-EFAE-456C-9F8E-3E454B67110D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "462BAAF1-B4E4-4958-90D3-26C913E8CB69"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84DAB292-C0B2-4BD9-B806-ED12FC6C7A9E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8.424",
"matchCriteriaId": "1B144E42-CF8C-4DFE-8378-F38924FE64C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBD8A3B-CEE7-4FA3-959C-E828354B5A05"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "30776769-AEB4-40E0-A6DC-442177F11D50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B60F253F-8042-4877-A519-C28459EF6555"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "F9C0D685-55E9-4DBB-87C0-2524C64C1D61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E1FC-6DFE-477E-AD49-CE37CEDF27CC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "04F7B624-7725-4234-8DD8-54FF926462BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0559D243-6CCB-418F-A78D-3CB202262F38"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0.424",
"matchCriteriaId": "698D0048-4F7B-4D85-81B4-C2DA8C7C7358"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3AB80B-8AE2-4359-92B9-1465EB244029"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/153387/ABB-HMI-Missing-Signature-Verification.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2019/Jun/34",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink