CVE-2019-7225

Name: CVE-2019-7225
Creator: NVD / NIST
Published: 2019-06-27T17:15:15.77+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 2.90%

Last modified Jun 17, 2026

CVE-2019-7225 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. EPSS estimates a 2.90% chance of exploitation in the next 30 days.

Description

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.90%

85.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Abb	Cp620 Firmware	<= 1.76
Abb	Cp620-Web Firmware	<= 1.76
Abb	Cp630 Firmware	<= 1.76
Abb	Cp630-Web Firmware	<= 1.76
Abb	Cp635 Firmware	<= 1.76
Abb	Cp635-B Firmware	<= 1.76
Abb	Cp635-Web Firmware	<= 1.76
Abb	Pb610 Firmware	>= 1.91, <= 2.8.0.3674
Abb	Cp651-Web Firmware	<= 1.76
Abb	Cp661 Firmware	<= 1.76
Abb	Cp661-Web Firmware	<= 1.76
Abb	Cp665 Firmware	<= 1.76
Abb	Cp665-Web Firmware	<= 1.76
Abb	Cp676 Firmware	<= 1.76
Abb	Cp676-Web Firmware	<= 1.76
Abb	Cp651 Firmware	<= 1.76

References

http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2019/Jun/38Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/108922Third Party Advisory, VDB Entry
https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/Exploit, Patch, Third Party Advisory
http://packetstormsecurity.com/files/153397/ABB-HMI-Hardcoded-Credentials.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2019/Jun/38Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/108922Third Party Advisory, VDB Entry
https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/Exploit, Patch, Third Party Advisory

Timeline

Published: Jun 27, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-7225?

How severe is CVE-2019-7225?

CVE-2019-7225 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.90% probability of exploitation in the next 30 days.

How do I fix CVE-2019-7225?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-7225?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST