CVE-2018-10616

Vulnerability

ABB Panel Builder 800, an engineering tool for process panels, contains an improper input validation vulnerability (CWE-20) in all versions [1]. The vulnerability is triggered when the application opens a specially crafted file, allowing an attacker to insert and run arbitrary code [1].

Exploitation

An attacker must trick a local user into opening a malicious file with Panel Builder 800 [1]. The attack requires user interaction and has high complexity, but no prior authentication is needed [1]. The CVSS vector string is AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the computer where Panel Builder 800 is installed [1]. This compromises the confidentiality, integrity, and availability of the system, with a CVSS v3 base score of 7.0 [1].

Mitigation

ABB is investigating the vulnerability and has not yet released a patched version [1]. Users are advised to conduct cybersecurity awareness training and implement firewall configurations to protect control networks [1]. No workaround is provided beyond general security practices.