ABB PB610 Multiple Security Vulnerabilities

ABB PB610 Panel Builder 600 is prone to the following vulnerabilities:
1. An authentication-bypass vulnerability
2. A directory-traversal vulnerability
3. Multiple memory corruption vulnerabilities
4. A stack-based buffer-overflow vulnerability
5. A buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code, access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory, bypass authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions.
ABB PB610 Panel Builder 600 version 1.91 through 2.8.0.367 are vulnerable.

Information

Bugtraq ID: 108886
Class: Unknown
CVE: CVE-2019-7226
CVE-2019-7227
CVE-2019-7228
CVE-2019-7230
CVE-2019-7232
CVE-2019-7231

Remote: Yes
Local: No
Published: Jun 13 2019 12:00AM
Updated: Jun 13 2019 12:00AM
Credit: Xen1thLabs.
Vulnerable: ABB PB610 Panel Builder 600 2.8.0.367
ABB PB610 Panel Builder 600 1.91

Not Vulnerable: ABB PB610 Panel Builder 600 2.8.0.424

Exploit

Attackers can exploit these issues to execute arbitrary code, access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory, bypass authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions.

References:

ABB Homepage (ABB)
Multiple Vulnerabilities in ABB PB610 (ABB)

Source: www.securityfocus.com

Exploit Collector

Search Exploit