CVE-2019-19105 : What You Need to Know
Learn about CVE-2019-19105 involving plaintext storing of credentials in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telephone Gateway. Find mitigation steps and impacted systems here.
This CVE involves the plaintext storing of credentials in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telephone Gateway.
Understanding CVE-2019-19105
This vulnerability allows the backup feature to store sensitive information in plaintext, including user account credentials.
What is CVE-2019-19105?
The backup feature of ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telephone Gateway saves application settings and setup, exposing user account credentials and other configuration details in plaintext.
The Impact of CVE-2019-19105
- CVSS Score: 6.2 (Medium Severity)
- Confidentiality Impact: High
- Attack Vector: Local
- Attack Complexity: Low
- User credentials and configuration details are at risk of exposure.
Technical Details of CVE-2019-19105
The vulnerability details and affected systems.
Vulnerability Description
The plaintext storage of credentials in ABB and Busch-Jaeger Telephone Gateways.
Affected Systems and Versions
- ABB: TG/S 3.2 Telephone Gateway (Version: 2CDG 110 135 R0011)
- Busch-Jaeger: 6186/11 Telefon-Gateway (Version: 2CKA006136A0187)
Exploitation Mechanism
The backup function inadvertently saves sensitive data in an insecure format.
Mitigation and Prevention
Protecting systems from the CVE-2019-19105 vulnerability.
Immediate Steps to Take
- Disable the backup feature if not essential
- Regularly monitor for unauthorized access
- Change default credentials
Long-Term Security Practices
- Implement encryption for stored credentials
- Conduct regular security audits
Patching and Updates
- Apply patches provided by ABB and Busch-Jaeger
- Keep systems up to date with the latest security fixes