Vulnerability CVE-2019-7225


Published: 2019-06-27

Description:
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.

See advisories in our WLB2 database:
Topic
Author
Date
Low
ABB HMI Hardcoded Credentials
xen1thLabs
25.06.2019

Type:

CWE-798

Vendor: ABB
Product: Cp635-web firmware 
Version: 1.76;
Product: Cp620-web firmware 
Version: 1.76;
Product: Cp665 firmware 
Version: 1.76;
Product: Cp651-web firmware 
Version: 1.76;
Product: Cp630-web firmware 
Version: 1.76;
Product: Cp676 firmware 
Version: 1.76;
Product: Cp661-web firmware 
Version: 1.76;
Product: Cp635-b firmware 
Version: 1.76;
Product: Cp665-web firmware 
Version: 1.76;
Product: Cp635 firmware 
Version: 1.76;
Product: Cp620 firmware 
Version: 1.76;
Product: Cp676-web firmware 
Version: 1.76;
Product: Cp651 firmware 
Version: 1.76;
Product: Cp630 firmware 
Version: 1.76;
Product: Cp661 firmware 
Version: 1.76;

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
6.4/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.html
http://seclists.org/fulldisclosure/2019/Jun/38
http://www.securityfocus.com/bid/108922
https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/

Related CVE
CVE-2019-10953
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
CVE-2018-19008
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbi...
CVE-2018-17928
The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.
CVE-2018-17926
The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.
CVE-2018-18997
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an att...
CVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, re...
CVE-2018-14805
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
CVE-2018-10616
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.

Copyright 2019, cxsecurity.com

 

Back to Top