Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2019-7229 | First vendor Publication | 2019-06-24 |
Vendor | Cve | Last vendor Modification | 2022-01-01 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.3 | ||
Base Score | 8.3 | Environmental Score | 8.3 |
impact SubScore | 6 | Temporal Score | 8.3 |
Exploitabality Sub Score | 1.6 | ||
Attack Vector | Adjacent | Attack Complexity | High |
Privileges Required | None | User Interaction | None |
Scope | Changed | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.4 | Attack Range | Adjacent network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 5.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7229 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-494 | Download of Code Without Integrity Check (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-01-02 00:23:11 |
|
2021-08-05 01:35:25 |
|
2021-07-21 17:25:00 |
|
2021-05-04 13:40:36 |
|
2021-04-22 02:52:15 |
|
2020-05-23 02:33:06 |
|
2019-10-10 05:21:10 |
|
2019-07-04 12:10:26 |
|
2019-06-25 05:19:35 |
|
2019-06-25 00:18:54 |
|