CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
ABBCNA
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
abbpb610_panel_builder_600
𝑥
≤ 2.8.0.424
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch
http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch