QwikSec

Security Database

CVE

CWE

Training

CVE-2019-7229

Published: Jun 24, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20190624 XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability

mailing-list

x_refsource_FULLDISC

http://seclists.org/fulldisclosure/2019/Jun/34

x_refsource_MISC

https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/

x_refsource_MISC

https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch

x_refsource_CONFIRM

https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch

x_refsource_CONFIRM

http://packetstormsecurity.com/files/153387/ABB-HMI-Missing-Signature-Verification.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.