CYBER SECURITY ADVISORY – Panel Builder 800,Improper input validation vulnerability (CVE-2018-10616)

Retrospectively cyber attack encountered on Nuclear power facility in past. The SCADA system facilities vendor are working hard to hardening their device and provided cyber security advisory. An cyber security alert announced by ABB that a software engineering tool for configure Panel 800 has vulnerability occurs. ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. However the vulnerabilites indicated that theattacker could create a specially crafted file and try to trick a person using the Panel Builder 800 to open this file (see below hyperlink – technical note)

http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch

Perhaps the techincal limitation sometimes was happened in their fundemental design. See Alert B in attached diagram. Since panel 800 is a Intel CPU base with Windows CE OS. My concern is that It is not known whether Intel XScale or Marvell Feroceon cores are affected by these issues (Meltdown and Spectre)? But no worries, tomorrow will be a better day!

 

One thought on “CYBER SECURITY ADVISORY – Panel Builder 800,Improper input validation vulnerability (CVE-2018-10616)”

  1. I would like to consider the chance of saying thanks to you for that professional direction I have constantly enjoyed going to your site.

    We’re looking forward to the actual commencement of my college research
    and the complete groundwork would never have been complete without coming over to your blog.
    If I may be of any assistance to others, I would be glad to help by way of what I have discovered from
    here.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.