Vulnerabilities > ABB > Pb610 Panel Builder 600 Firmware > 1.91

DATE CVE VULNERABILITY TITLE RISK
2019-06-27 CVE-2019-7227 Path Traversal vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files.
low complexity
abb CWE-22
7.3
7.3
2019-06-27 CVE-2019-7226 Improper Authentication vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions.
low complexity
abb CWE-287
8.8
8.8
2019-06-27 CVE-2019-7228 Use of Externally-Controlled Format String vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process.
low complexity
abb CWE-134
8.8
8.8
2019-06-24 CVE-2019-7231 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker.
low complexity
abb CWE-119
5.7
5.7
2019-06-24 CVE-2019-7232 Out-of-bounds Write vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request.
low complexity
abb CWE-787
8.8
8.8
2019-06-24 CVE-2019-7230 Use of Externally-Controlled Format String vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL FTP server mishandles format strings in a username during the authentication process.
low complexity
abb CWE-134
8.8
8.8