Format String Vulnerability in ABB IDAL HTTP Server

Format String Vulnerability in ABB IDAL HTTP Server

CVE-2019-7228 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

Learn more about our Cis Benchmark Audit For Server Software.