CVE-2019-18995
ABB PB610 HMISimulator does not check content-length of the HTTP request
In short
ABB PB610 HMISimulator doesn't properly check the content-length field in HTTP requests, allowing attackers to crash the application by sending specially crafted requests with incorrect content-length values.
Technical detail
The HMISimulator component fails to validate the HTTP content-length header (CWE-20: Improper Input Validation), enabling a remote denial of service attack through malformed HTTP requests. An unauthenticated attacker can send requests with manipulated content-length values to exhaust resources or cause the service to crash.
Summary generated and translated by AI from the official description.
The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
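The class of check the description says is missing, as an added Python example; it is not ABB's code and not taken from the advisory. The names `declared_length`, `read_body`, `handle`, and the 1 MiB `MAX_BODY` cap are assumptions chosen for illustration.

```python
import io
import re

MAX_BODY = 1 << 20                    # assumed cap (1 MiB); tune per endpoint
_DIGITS = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length

class RejectRequest(Exception):
    """Carries the HTTP status the server should answer with."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status

def declared_length(headers, max_body=MAX_BODY):
    """Return the validated Content-Length from a list of (name, value) pairs."""
    values = set()
    for name, value in headers:
        if name.lower() == "content-length":
            # Repeated headers or comma lists pass only if every member agrees.
            values.update(v.strip() for v in value.split(","))
    if not values:
        return 0                      # no body declared
    if len(values) != 1:
        raise RejectRequest(400, "conflicting Content-Length values")
    raw = values.pop()
    if not _DIGITS.fullmatch(raw):    # rejects "", "-1", "+5", "0x10", "1e9"
        raise RejectRequest(400, "malformed Content-Length")
    length = int(raw)
    if length > max_body:
        raise RejectRequest(413, "declared body exceeds limit")
    return length

def read_body(stream, length, chunk=4096):
    """Read exactly `length` bytes in bounded chunks; never preallocate `length`."""
    parts, remaining = [], length
    while remaining:
        data = stream.read(min(chunk, remaining))
        if not data:                  # peer sent fewer bytes than it declared
            raise RejectRequest(400, "body shorter than Content-Length")
        parts.append(data)
        remaining -= len(data)
    return b"".join(parts)

def handle(headers, body):
    """Constructed harness: status a server would answer with."""
    try:
        read_body(io.BytesIO(body), declared_length(headers))
        return 200
    except RejectRequest as exc:
        return exc.status
```

On a real socket, pair `read_body` with a read timeout so a peer that declares a length and then stalls cannot hold the connection open indefinitely.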
Affected products
ABB · PB610 Panel Builder 600