28 June 2019
Multiple vulnerabilities in ABB HMI solutions
Multiple vulnerabilities have been identified and fixed in ABB HMI solutions. Successful exploitation of these vulnerabilities could allow an attacker to prevent legitimate access to an affected system node, remotely cause a denial-of-service condition, or insert and run arbitrary code.
The largest number of vulnerabilities were identified in PB610 Panel Builder 600, an engineering tool for designing HMI applications. The issues are caused by the use of hard-coded credentials providing access with administrative privileges (CVE-2019-7225), improper authentication (CVE-2019-7226) and input data validation (CVE-2019-7228, CVE-2019-7230), buffer overflow (CVE-2019-7232, CVE-2019-7231), and the ability to traverse outside the root directory due to an FTP server flaw (CVE-2019-7227). Five of the seven vulnerabilities listed above were assigned a CVSS v.3 base score of 8.8.
The vulnerabilities have been addressed in the following versions of the product:
- PB610 Panel Builder 600 v188.8.131.524;
- new versions of BSP (board support package) UN31 and UN30 v.2.31.
Users should apply the update of the PB610 applications on CP600 control panels as soon as possible. If updating the devices is not possible, the vendor recommends restricting network access to the devices to only trusted parties/devices.
Multiple vulnerabilities have been identified in the ABB CP635 HMI component. The vulnerabilities are caused by the use of outdated versions of software products containing known vulnerabilities, hardcoded credentials with administrator privileges (CVE-2019-7225) and the absence of signature verification (CVE-2019-7229).
Similar types of vulnerabilities have also been identified in CP651 HMI solutions.
To address the vulnerabilities in CP635 and CP651 HMI panels, it is recommended that users install the following updates on affected CP600 control panels:
- new version of PB610 Panel Builder 600 v184.108.40.2064, provided using Automation Builder 2.2 SP2.
- new version of BSP (board support package) UN31 v2.31 (for CP635).
- new version of BSP (board support package) UN30 v2.31 (for CP651).