CVE-2019-18250

CRITICAL

ABB Plant Connect and Power Generation Information Manager - Authentication Bypass

Title source: llm

Description

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.

References (2)

Core 2

Core References

Not Applicable, Permissions Required, Third Party Advisory, US Government Resource x_refsource_misc

https://www.us-cert.gov/ics/advisories/icsa-19-318-05

Third Party Advisory

https://iotsecuritynews.com/abb-power-generation-information-manager-pgim-and-plant-connect/

Scores

CVSS v3 9.8

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287 CWE-288

Status published

Products (2)

abb/plant_connect

abb/power_generation_information_manager

Published Nov 26, 2019

Tracked Since Feb 18, 2026