Search criteria
41 vulnerabilities found for eSOMS by ABB
VAR-201808-0397
Vulnerability from variot - Updated: 2023-12-18 12:56ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company.
ABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "eq",
"trust": 2.3,
"vendor": "abb",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14805",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14805",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14805",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125001",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-240-04",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-14805",
"trust": 3.4
},
{
"db": "BID",
"id": "105169",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98908",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-125001",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"id": "VAR-201808-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 1.28967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
}
]
},
"last_update_date": "2023-12-18T12:56:50.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018030",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-04"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105169"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14805"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2018-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2018-08-29T16:29:00.217000",
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
}
}
VAR-202106-1440
Vulnerability from variot - Updated: 2023-12-18 12:45Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.4.2.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1.4"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 that\u0027s all 6.0.4.2.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.1 that\u0027s all 6.1.4"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.4.2.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"cve": "CVE-2021-26845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-26845",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-386007",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-012369",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-26845",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-26845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-386007",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26845",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-077-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96655623",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0971",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-386007",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"id": "VAR-202106-1440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 0.6896739399999999
},
"last_update_date": "2023-12-18T12:45:12.465000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eSOMS\u00a0Report\u00a0Function\u00a0Vulnerability",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144710"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96655623/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0971"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2021-06-14T22:15:08.550000",
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0eSOMS\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
}
}
VAR-202004-0857
Vulnerability from variot - Updated: 2023-12-18 11:58ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS There is a vulnerability in the lack of authentication for critical features.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company.
ABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"cve": "CVE-2019-19092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17161",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015257",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-17161",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151504",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS There is a vulnerability in the lack of authentication for critical features.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19092",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17161",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "16C818D0-6316-4D81-AEBC-CC619B40361E",
"trust": 0.2
},
{
"db": "IVD",
"id": "F45F88DD-73BA-4DD3-B85C-1B8D50809BF4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151504",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"id": "VAR-202004-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
]
},
"last_update_date": "2023-12-18T11:58:31.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Identity Information Verification Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208951"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112320"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19092"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2020-04-02T20:15:14.877000",
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Identity information verification error vulnerability",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 1.0
}
}
VAR-202004-0859
Vulnerability from variot - Updated: 2023-12-18 11:58Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "3.9"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "3.9 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"cve": "CVE-2019-19094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17170",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151506",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19094",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17170",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "70EA6001-AE3E-4CE3-AB25-A33D786D1379",
"trust": 0.2
},
{
"db": "IVD",
"id": "4613DF6F-8AC8-42DA-9F71-55237DEE5239",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151506",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"id": "VAR-202004-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
}
]
},
"last_update_date": "2023-12-18T11:58:31.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208957"
},
{
"title": "ABB eSOMS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19094"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2020-04-02T20:15:15.017000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.0
}
}
VAR-202004-0850
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company.
ABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0850",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"cve": "CVE-2019-19000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17168",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151403",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015250",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17168",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151403",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19000",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17168",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "A9521391-8CD5-4D08-97AD-C61DF08347CF",
"trust": 0.2
},
{
"db": "IVD",
"id": "B83DA059-72A8-4A49-8F12-C32942EA1A67",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151403",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"id": "VAR-202004-0850",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
}
]
},
"last_update_date": "2023-12-18T11:58:30.226000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208961"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19000"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19000"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2020-04-02T20:15:13.863000",
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
}
}
VAR-202004-0868
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"cve": "CVE-2019-19089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19567",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151500",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015254",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19089",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19567",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "9F1A70B1-8EF2-4562-83A9-AC88340B0794",
"trust": 0.2
},
{
"db": "IVD",
"id": "733EDC59-907E-4D35-8EBB-75DEADC436D1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151500",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"id": "VAR-202004-0868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
}
]
},
"last_update_date": "2023-12-18T11:58:30.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19567)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211043"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=112326"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-436",
"trust": 1.1
},
{
"problemtype": "CWE-94",
"trust": 1.1
},
{
"problemtype": "CWE-74",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19089"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19089"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2020-04-02T20:15:14.423000",
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Injection vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
}
}
VAR-202004-0856
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"cve": "CVE-2019-19091",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17169",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151503",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015256",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151503",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19091",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17169",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "5F6157C0-9364-49C7-8195-32FEF00C5E5E",
"trust": 0.2
},
{
"db": "IVD",
"id": "5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151503",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"id": "VAR-202004-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
}
]
},
"last_update_date": "2023-12-18T11:58:30.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208959"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112322"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19091"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2020-04-02T20:15:14.817000",
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
}
}
VAR-202004-0853
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company.
ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"cve": "CVE-2019-19003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015253",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19566",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19003",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19566",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B8FF984B-8752-4A47-AC75-7EB69E8E792D",
"trust": 0.2
},
{
"db": "IVD",
"id": "3F144945-21D7-4C04-88A4-23B9959852A0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"id": "VAR-202004-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
}
]
},
"last_update_date": "2023-12-18T11:58:30.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211039"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19003"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-04-02T20:15:14.097000",
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
}
}
VAR-202004-0855
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"cve": "CVE-2019-19090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015255",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-19561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151502",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19090",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19561",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CD49A2ED-01DC-4E1E-AC5D-844ED81C8479",
"trust": 0.2
},
{
"db": "IVD",
"id": "360F58FD-3BB0-4C6E-8F10-BD08EE40C271",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151502",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"id": "VAR-202004-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
}
]
},
"last_update_date": "2023-12-18T11:58:30.340000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211045"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112324"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19090"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2020-04-02T20:15:14.737000",
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding lack of encryption of critical data in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 1.0
}
}
VAR-202004-0861
Vulnerability from variot - Updated: 2023-12-18 11:58The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company.
ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"cve": "CVE-2019-19096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17172",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-151508",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151508",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19096",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17172",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "798258FB-844E-4E7B-B6D9-0B8A76988A66",
"trust": 0.2
},
{
"db": "IVD",
"id": "6494B1E2-A483-4DB1-A27A-DCD10EA046ED",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151508",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"id": "VAR-202004-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
}
]
},
"last_update_date": "2023-12-18T11:58:30.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208953"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112310"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2020-04-02T20:15:15.143000",
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding inadequate protection of credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 1.0
}
}
VAR-202004-0862
Vulnerability from variot - Updated: 2023-12-18 11:58ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. ABB eSOMS There is a cryptographic strength vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0862",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"cve": "CVE-2019-19097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19563",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015249",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19563",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. ABB eSOMS There is a cryptographic strength vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19097",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19563",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "043041AB-7AC2-4228-B18B-C9AB72A51AA1",
"trust": 0.2
},
{
"db": "IVD",
"id": "53F47CCD-AF62-4DC3-8AF3-BFCB64BCD5F1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151509",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"id": "VAR-202004-0862",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
}
]
},
"last_update_date": "2023-12-18T11:58:30.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS encryption problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211051"
},
{
"title": "ABB eSOMS Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2020-04-02T20:15:15.253000",
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS encryption problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
}
}
VAR-202004-0858
Vulnerability from variot - Updated: 2023-12-18 11:58eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"cve": "CVE-2019-19093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19562",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151505",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151505",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19093",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19562",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "176B77D1-77AD-47C4-84BE-1B3053F8392C",
"trust": 0.2
},
{
"db": "IVD",
"id": "38DFBFD7-D2E5-4AAB-B361-EED6A4A18CCD",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151505",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"id": "VAR-202004-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
]
},
"last_update_date": "2023-12-18T11:58:30.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211047"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19093"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19093"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-04-02T20:15:14.940000",
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Weak password vulnerability",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 1.0
}
}
VAR-202004-0852
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"cve": "CVE-2019-19002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19565",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151405",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151405",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19002",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19565",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CF8EE712-306F-4E13-AC79-76FE31F5ECDD",
"trust": 0.2
},
{
"db": "IVD",
"id": "36CB39CF-844F-4BC2-AEB5-60BF5A28B69C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151405",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"id": "VAR-202004-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
}
]
},
"last_update_date": "2023-12-18T11:58:30.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19565)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211037"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112332"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19002"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2020-04-02T20:15:14.003000",
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
}
}
VAR-202004-0860
Vulnerability from variot - Updated: 2023-12-18 11:58Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"cve": "CVE-2019-19095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17171",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151507",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015245",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17171",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151507",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19095",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17171",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "8A7ABFC8-13A1-4324-8D1B-8FEE43EC6954",
"trust": 0.2
},
{
"db": "IVD",
"id": "31776109-1203-4CAF-B9D6-C8078168A94D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151507",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"id": "VAR-202004-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
}
]
},
"last_update_date": "2023-12-18T11:58:30.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208955"
},
{
"title": "ABB eSOMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2020-04-02T20:15:15.067000",
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
}
}
VAR-202004-0851
Vulnerability from variot - Updated: 2023-12-18 11:58For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS Is vulnerable to improper restrictions on rendered user interface layers or frames.Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"cve": "CVE-2019-19001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19564",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19564",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS Is vulnerable to improper restrictions on rendered user interface layers or frames.Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19001",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19564",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B3BC4F61-5293-4F8A-8374-A16D93D111FF",
"trust": 0.2
},
{
"db": "IVD",
"id": "FB967C1B-5C46-4015-BACE-1D398B4EB40D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151404",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"id": "VAR-202004-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
}
]
},
"last_update_date": "2023-12-18T11:58:30.304000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211035"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112334"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19001"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19001"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2020-04-02T20:15:13.940000",
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding improper restrictions on rendered user interface layers or frames in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 1.0
}
}
CVE-2019-19002 (GCVE-0-2019-19002)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:50 – Updated: 2024-08-05 02:02
VLAI?
Title
ABB eSOMS X-XSS-Protection not enabled
Summary
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
Severity ?
6.3 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:50:02",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS X-XSS-Protection not enabled",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19002",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS X-XSS-Protection not enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19002",
"datePublished": "2020-04-02T19:50:02",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19001 (GCVE-0-2019-19001)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
VLAI?
Title
eSOMS X-FrameOption
Summary
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
Severity ?
6.5 (Medium)
CWE
- CWE-16 - Configuration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:49:55",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "eSOMS X-FrameOption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19001",
"STATE": "PUBLIC",
"TITLE": "eSOMS X-FrameOption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19001",
"datePublished": "2020-04-02T19:49:55",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19000 (GCVE-0-2019-19000)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
VLAI?
Title
eSOMS Cachecontrol (Pragma) HTTP Header
Summary
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4"
},
{
"status": "affected",
"version": "5"
},
{
"status": "affected",
"version": "6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-202",
"description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:49:35",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "eSOMS Cachecontrol (Pragma) HTTP Header",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19000",
"STATE": "PUBLIC",
"TITLE": "eSOMS Cachecontrol (Pragma) HTTP Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4"
},
{
"version_value": "5"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-202 Exposure of Sensitive Data Through Data Queries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19000",
"datePublished": "2020-04-02T19:49:35",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19097 (GCVE-0-2019-19097)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: SSL medium strength Cipher Suites
Summary
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
Severity ?
5.9 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:26",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SSL medium strength Cipher Suites",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19097",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SSL medium strength Cipher Suites"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19097",
"datePublished": "2020-04-02T19:48:26",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19096 (GCVE-0-2019-19096)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: REDIS clear text credentials
Summary
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
Severity ?
6.1 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:02",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: REDIS clear text credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19096",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: REDIS clear text credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "6.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19096",
"datePublished": "2020-04-02T19:48:02",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19095 (GCVE-0-2019-19095)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: Stored XSS vulnerability
Summary
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
Severity ?
5.4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:46",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: Stored XSS vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19095",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: Stored XSS vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19095",
"datePublished": "2020-04-02T19:47:46",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19094 (GCVE-0-2019-19094)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: SQL injection vulnerability
Summary
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Severity ?
7.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.9 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:32",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "3.9 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19094",
"datePublished": "2020-04-02T19:47:32",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19093 (GCVE-0-2019-19093)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: Password complexity issue
Summary
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
Severity ?
6.5 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:23",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: Password complexity issue",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19093",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: Password complexity issue"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19093",
"datePublished": "2020-04-02T19:47:23",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19002 (GCVE-0-2019-19002)
Vulnerability from nvd – Published: 2020-04-02 19:50 – Updated: 2024-08-05 02:02
VLAI?
Title
ABB eSOMS X-XSS-Protection not enabled
Summary
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
Severity ?
6.3 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:50:02",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS X-XSS-Protection not enabled",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19002",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS X-XSS-Protection not enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19002",
"datePublished": "2020-04-02T19:50:02",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19001 (GCVE-0-2019-19001)
Vulnerability from nvd – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
VLAI?
Title
eSOMS X-FrameOption
Summary
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
Severity ?
6.5 (Medium)
CWE
- CWE-16 - Configuration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:49:55",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "eSOMS X-FrameOption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19001",
"STATE": "PUBLIC",
"TITLE": "eSOMS X-FrameOption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19001",
"datePublished": "2020-04-02T19:49:55",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19000 (GCVE-0-2019-19000)
Vulnerability from nvd – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
VLAI?
Title
eSOMS Cachecontrol (Pragma) HTTP Header
Summary
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4"
},
{
"status": "affected",
"version": "5"
},
{
"status": "affected",
"version": "6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-202",
"description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:49:35",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "eSOMS Cachecontrol (Pragma) HTTP Header",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19000",
"STATE": "PUBLIC",
"TITLE": "eSOMS Cachecontrol (Pragma) HTTP Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4"
},
{
"version_value": "5"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-202 Exposure of Sensitive Data Through Data Queries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19000",
"datePublished": "2020-04-02T19:49:35",
"dateReserved": "2019-11-15T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19097 (GCVE-0-2019-19097)
Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: SSL medium strength Cipher Suites
Summary
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
Severity ?
5.9 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:26",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SSL medium strength Cipher Suites",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19097",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SSL medium strength Cipher Suites"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19097",
"datePublished": "2020-04-02T19:48:26",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19096 (GCVE-0-2019-19096)
Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: REDIS clear text credentials
Summary
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
Severity ?
6.1 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:02",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: REDIS clear text credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19096",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: REDIS clear text credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "6.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19096",
"datePublished": "2020-04-02T19:48:02",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19095 (GCVE-0-2019-19095)
Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: Stored XSS vulnerability
Summary
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
Severity ?
5.4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:46",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: Stored XSS vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19095",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: Stored XSS vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19095",
"datePublished": "2020-04-02T19:47:46",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19094 (GCVE-0-2019-19094)
Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
Title
ABB eSOMS: SQL injection vulnerability
Summary
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Severity ?
7.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.9 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:32",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "3.9 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19094",
"datePublished": "2020-04-02T19:47:32",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}