Vulnerability CVE-2019-7226
Published: 2019-06-27

Description:
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ABB IDAL HTTP Server Authentication Bypass
Eldar Marcussen
25.06.2019

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
6.4/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2019/Jun/39
http://www.securityfocus.com/bid/108886
https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/
Copyright 2024, cxsecurity.com

 

Back to Top