73 vulnerabilities found for esoms by hitachienergy
VAR-201808-0397
Vulnerability from variot - Updated: 2023-12-18 12:56
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication and specific key values are present in the eSOMS web.config file. Both conditions are required to exploit this vulnerability. ABB eSOMS contains an authentication vulnerability (the record below classifies it as CWE-287): information may be obtained or altered, and service operation may be disrupted (DoS). ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS version 6.0.2 has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "eq",
"trust": 2.3,
"vendor": "abb",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14805",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14805",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14805",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125001",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-240-04",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-14805",
"trust": 3.4
},
{
"db": "BID",
"id": "105169",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98908",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-125001",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"id": "VAR-201808-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 1.28967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
}
]
},
"last_update_date": "2023-12-18T12:56:50.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018030",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-04"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105169"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14805"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2018-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2018-08-29T16:29:00.217000",
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
}
}
VAR-202106-1440
Vulnerability from variot - Updated: 2023-12-18 12:45
An Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.4.2.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1.4"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 that\u0027s all 6.0.4.2.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.1 that\u0027s all 6.1.4"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.4.2.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"cve": "CVE-2021-26845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-26845",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-386007",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-012369",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-26845",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-26845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-386007",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26845",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-077-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96655623",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0971",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-386007",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"id": "VAR-202106-1440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 0.6896739399999999
},
"last_update_date": "2023-12-18T12:45:12.465000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eSOMS\u00a0Report\u00a0Function\u00a0Vulnerability",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144710"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96655623/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0971"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2021-06-14T22:15:08.550000",
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0eSOMS\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
}
}
VAR-202004-0857
Vulnerability from variot - Updated: 2023-12-18 11:58
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without a Message Authentication Code (MAC). Alterations to the Viewstate might thus not be noticed. ABB eSOMS is vulnerable because authentication is missing for a critical function; information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS has an identity verification error vulnerability that an attacker can use to change the Viewstate.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"cve": "CVE-2019-19092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17161",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015257",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-17161",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151504",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS contains a vulnerability involving missing authentication for a critical function. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. \n\r\n\r\nABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19092",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17161",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "16C818D0-6316-4D81-AEBC-CC619B40361E",
"trust": 0.2
},
{
"db": "IVD",
"id": "F45F88DD-73BA-4DD3-B85C-1B8D50809BF4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151504",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"id": "VAR-202004-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
]
},
"last_update_date": "2023-12-18T11:58:31.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Identity Information Verification Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208951"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112320"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19092"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2020-04-02T20:15:14.877000",
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Identity information verification error vulnerability",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 1.0
}
}
VAR-202004-0859
Vulnerability from variot - Updated: 2023-12-18 11:58
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to carry out SQL injection attacks against the backend database. ABB eSOMS contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from the database-backed application not validating externally supplied input used in SQL statements. Attackers can use this vulnerability to execute illegal SQL commands.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "3.9"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "3.9 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"cve": "CVE-2019-19094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17170",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151506",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to carry out SQL injection attacks against the backend database. ABB eSOMS contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from the database-backed application not validating externally supplied input used in SQL statements. Attackers can use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19094",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17170",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "70EA6001-AE3E-4CE3-AB25-A33D786D1379",
"trust": 0.2
},
{
"db": "IVD",
"id": "4613DF6F-8AC8-42DA-9F71-55237DEE5239",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151506",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"id": "VAR-202004-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
}
]
},
"last_update_date": "2023-12-18T11:58:31.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208957"
},
{
"title": "ABB eSOMS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19094"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2020-04-02T20:15:15.017000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.0
}
}
VAR-202004-0861
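Vulnerability from variot - Updated: 2023-12-18 11:58
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS contains an insufficiently protected credentials vulnerability (CWE-522). Information may be obtained and tampered with. ABB eSOMS is a plant operations management system from the Swiss company ABB.
ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information.
The sources in this record disagree on exposure: NVD and JVNDB score the attack vector as local (CVSS v3 base score 6.1), while CNVD and IVD score it as network (CVSS v2 base score 5.0); the file-system-access precondition in the description matches the local scoring. The vendor advisory ABBVU-PGGA-2018035 and ICS-CERT advisory ICSA-20-072-01 are listed under "patch" and "references" in the record.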
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"cve": "CVE-2019-19096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17172",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-151508",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151508",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19096",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17172",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "798258FB-844E-4E7B-B6D9-0B8A76988A66",
"trust": 0.2
},
{
"db": "IVD",
"id": "6494B1E2-A483-4DB1-A27A-DCD10EA046ED",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151508",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"id": "VAR-202004-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
}
]
},
"last_update_date": "2023-12-18T11:58:30.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208953"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112310"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2020-04-02T20:15:15.143000",
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding inadequate protection of credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 1.0
}
}
VAR-202004-0855
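Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.2, the Secure flag is not set in the HTTP response header. Cookie information may therefore be exposed over unencrypted connections, making it susceptible to eavesdropping. ABB eSOMS contains a missing encryption of sensitive data vulnerability (CWE-311). Information may be obtained. ABB eSOMS is a plant operations management system from the Swiss company ABB. An attacker can use this vulnerability to obtain cookie information.
Severity differs by source in this record: NVD and JVNDB rate it low (CVSS v3 base score 3.5, low privileges and user interaction required), while CNVD rates it medium (CVSS v2 base score 5.0, no authentication). The vendor advisory ABBVU-PGGA-2018035 and ICS-CERT advisory ICSA-20-072-01 are listed under "patch" and "references" in the record.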
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"cve": "CVE-2019-19090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015255",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-19561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151502",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19090",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19561",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CD49A2ED-01DC-4E1E-AC5D-844ED81C8479",
"trust": 0.2
},
{
"db": "IVD",
"id": "360F58FD-3BB0-4C6E-8F10-BD08EE40C271",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151502",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"id": "VAR-202004-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
}
]
},
"last_update_date": "2023-12-18T11:58:30.340000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211045"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112324"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19090"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2020-04-02T20:15:14.737000",
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS vulnerability regarding lack of encryption of critical data",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 1.0
}
}
VAR-202004-0858
Vulnerability from variot - Updated: 2023-12-18 11:58
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS contains a weak password requirements vulnerability (CWE-521). Information may be obtained and tampered with. ABB eSOMS is a factory operations management system from the Swiss company ABB. An attacker could exploit this vulnerability to gain access.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"cve": "CVE-2019-19093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19562",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151505",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151505",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS contains a weak password requirements vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operations management system from the Swiss company ABB. An attacker could exploit this vulnerability to gain access.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19093",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19562",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "176B77D1-77AD-47C4-84BE-1B3053F8392C",
"trust": 0.2
},
{
"db": "IVD",
"id": "38DFBFD7-D2E5-4AAB-B361-EED6A4A18CCD",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151505",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"id": "VAR-202004-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
]
},
"last_update_date": "2023-12-18T11:58:30.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211047"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19093"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19093"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-04-02T20:15:14.940000",
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Weak password vulnerability",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 1.0
}
}
VAR-202004-0860
Vulnerability from variot - Updated: 2023-12-18 11:58
Lack of adequate input/output validation in ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS contains a cross-site scripting vulnerability (CWE-79). Information may be obtained and tampered with. ABB eSOMS is a factory operations management system from the Swiss company ABB. The vulnerability stems from the web application's lack of proper validation of client-supplied data. Attackers can use this vulnerability to execute client-side code.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"cve": "CVE-2019-19095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17171",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151507",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015245",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17171",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151507",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of adequate input/output validation in ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operations management system from the Swiss company ABB. The vulnerability stems from the web application's lack of proper validation of client-supplied data. Attackers can use this vulnerability to execute client-side code.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19095",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17171",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "8A7ABFC8-13A1-4324-8D1B-8FEE43EC6954",
"trust": 0.2
},
{
"db": "IVD",
"id": "31776109-1203-4CAF-B9D6-C8078168A94D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151507",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"id": "VAR-202004-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
}
]
},
"last_update_date": "2023-12-18T11:58:30.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208955"
},
{
"title": "ABB eSOMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2020-04-02T20:15:15.067000",
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
}
}
VAR-202004-0856
Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to craft a targeted attack. ABB eSOMS contains an information leakage vulnerability. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from network system or product configuration errors during operation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"cve": "CVE-2019-19091",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17169",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151503",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015256",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151503",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19091",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17169",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "5F6157C0-9364-49C7-8195-32FEF00C5E5E",
"trust": 0.2
},
{
"db": "IVD",
"id": "5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151503",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"id": "VAR-202004-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
}
]
},
"last_update_date": "2023-12-18T11:58:30.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208959"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112322"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19091"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2020-04-02T20:15:14.817000",
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
}
}
VAR-202004-0851
Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP responses. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS is vulnerable to improper restriction of rendered user interface layers or frames. Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"cve": "CVE-2019-19001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19564",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19564",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS Is vulnerable to improper restrictions on rendered user interface layers or frames.Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19001",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19564",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B3BC4F61-5293-4F8A-8374-A16D93D111FF",
"trust": 0.2
},
{
"db": "IVD",
"id": "FB967C1B-5C46-4015-BACE-1D398B4EB40D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151404",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"id": "VAR-202004-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
}
]
},
"last_update_date": "2023-12-18T11:58:30.304000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211035"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112334"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19001"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19001"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2020-04-02T20:15:13.940000",
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Vulnerability regarding improper restrictions on rendered user interface layers or frames in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 1.0
}
}
VAR-202004-0868
Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options header is missing from the HTTP response, potentially causing a browser to interpret and display the response body as a content type other than the one declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript, that is, script running in the browser of a user who loads the response (the CVSS v3 vectors recorded for this entry require user interaction). ABB eSOMS contains an injection vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB. The vulnerability stems from the lack of the X-Content-Type-Options header in the HTTP response; sending `X-Content-Type-Options: nosniff` tells browsers to honour the declared Content-Type. An attacker can use this vulnerability to execute unauthorized code.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"cve": "CVE-2019-19089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19567",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151500",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015254",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19089",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19567",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "9F1A70B1-8EF2-4562-83A9-AC88340B0794",
"trust": 0.2
},
{
"db": "IVD",
"id": "733EDC59-907E-4D35-8EBB-75DEADC436D1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151500",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"id": "VAR-202004-0868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
}
]
},
"last_update_date": "2023-12-18T11:58:30.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19567)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211043"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=112326"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-436",
"trust": 1.1
},
{
"problemtype": "CWE-94",
"trust": 1.1
},
{
"problemtype": "CWE-74",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19089"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19089"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2020-04-02T20:15:14.423000",
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Injection vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
}
}
VAR-202004-0853
Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.2, the HttpOnly cookie flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-Site Scripting. Strictly, a missing HttpOnly flag does not introduce script injection by itself; it lets a script that is already running in the page read the cookie, so it increases the impact of any cross-site scripting flaw. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB.
ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"cve": "CVE-2019-19003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015253",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19566",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19003",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19566",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B8FF984B-8752-4A47-AC75-7EB69E8E792D",
"trust": 0.2
},
{
"db": "IVD",
"id": "3F144945-21D7-4C04-88A4-23B9959852A0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"id": "VAR-202004-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
}
]
},
"last_update_date": "2023-12-18T11:58:30.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211039"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19003"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-04-02T20:15:14.097000",
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
}
}
VAR-202004-0862
Vulnerability from variot - Updated: 2023-12-18 11:58

ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop on and/or intercept the connection. ABB eSOMS contains a cryptographic strength vulnerability. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0862",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"cve": "CVE-2019-19097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19563",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015249",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19563",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. ABB eSOMS There is a cryptographic strength vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19097",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19563",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "043041AB-7AC2-4228-B18B-C9AB72A51AA1",
"trust": 0.2
},
{
"db": "IVD",
"id": "53F47CCD-AF62-4DC3-8AF3-BFCB64BCD5F1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151509",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"id": "VAR-202004-0862",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
}
]
},
"last_update_date": "2023-12-18T11:58:30.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS encryption problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211051"
},
{
"title": "ABB eSOMS Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2020-04-02T20:15:15.253000",
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS encryption problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
}
}
VAR-202004-0850
Vulnerability from variot - Updated: 2023-12-18 11:58

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS contains an information leakage vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the web server's response not setting the X-XSS-Protection HTTP response header, and by some old browsers not supporting Content Security Policy.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0850",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"cve": "CVE-2019-19000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17168",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151403",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015250",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17168",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151403",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19000",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17168",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "A9521391-8CD5-4D08-97AD-C61DF08347CF",
"trust": 0.2
},
{
"db": "IVD",
"id": "B83DA059-72A8-4A49-8F12-C32942EA1A67",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151403",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"id": "VAR-202004-0850",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
}
]
},
"last_update_date": "2023-12-18T11:58:30.226000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208961"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19000"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19000"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2020-04-02T20:15:13.863000",
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
}
}
VAR-202004-0852
Vulnerability from variot - Updated: 2023-12-18 11:58
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of cross-site scripting. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB. Note that X-XSS-Protection only affects legacy browsers with a built-in XSS filter; current browsers ignore it, so output encoding and a Content Security Policy remain the primary mitigations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"cve": "CVE-2019-19002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19565",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151405",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151405",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19002",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19565",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CF8EE712-306F-4E13-AC79-76FE31F5ECDD",
"trust": 0.2
},
{
"db": "IVD",
"id": "36CB39CF-844F-4BC2-AEB5-60BF5A28B69C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151405",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"id": "VAR-202004-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
}
]
},
"last_update_date": "2023-12-18T11:58:30.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19565)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211037"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112332"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19002"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2020-04-02T20:15:14.003000",
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
}
}
VAR-202107-1226
Vulnerability from variot - Updated: 2023-12-18 11:30
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions (CWE-522, CVE-2021-35527). Password information may be stolen by a third party who exploits a cross-site scripting (XSS) vulnerability in a third-party or other application that has compromised your system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. (The two preceding sentences appear to have been aggregated from an unrelated record.) eSOMS is a shift operation management system for the power generation industry.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.3.1"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acbabb\u30d1\u30ef\u30fc\u30b0\u30ea\u30c3\u30c9\u793e",
"version": null
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acbabb\u30d1\u30ef\u30fc\u30b0\u30ea\u30c3\u30c9\u793e",
"version": "6.3 and all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi ABB Power Grids reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
}
],
"trust": 0.6
},
"cve": "CVE-2021-35527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-395860",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-35527",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002244",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-35527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2021-35527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002244",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1028",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-395860",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-35527",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. (CWE-522 , CVE-2021-35527) .Cross-site scripting in a third party or other application that has compromised your system XSS Password information may be stolen by a third party who exploits the vulnerability in). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A shift operation management system for the power generation industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35527",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-210-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98329583",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021073001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2582",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395860",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-35527",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202107-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:30:41.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity\u00a0Advisory",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107992a0957\u0026languagecode=en\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107992a0957\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98329583/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2582"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021073001"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107992a0957\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-395860"
},
{
"date": "2021-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"date": "2021-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"date": "2021-07-14T14:15:08.937000",
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-395860"
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"date": "2021-08-03T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0 Made \u00a0eSOMS\u00a0 Credentials are not adequately protected",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
FKIE_CVE-2023-5516
Vulnerability from fkie_nvd - Published: 2023-11-01 03:15 - Updated: 2024-11-21 08:41
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289",
"versionEndIncluding": "6.3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
},
{
"lang": "es",
"value": "Las solicitudes de aplicaciones web mal construidas y los componentes URI con caracteres especiales desencadenan errores y excepciones no controlados, revelando informaci\u00f3n sobre la tecnolog\u00eda subyacente y otros detalles de informaci\u00f3n confidencial. El sitio web revela involuntariamente informaci\u00f3n confidencial, incluidos detalles t\u00e9cnicos como informaci\u00f3n de la versi\u00f3n, endpoints, servidor backend e IP interna. etc., lo que potencialmente puede exponer una superficie de ataque adicional que contiene otras vulnerabilidades interesantes."
}
],
"id": "CVE-2023-5516",
"lastModified": "2024-11-21T08:41:55.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T03:15:08.060",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-5515
Vulnerability from fkie_nvd - Published: 2023-11-01 03:15 - Updated: 2024-11-21 08:41
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289",
"versionEndIncluding": "6.3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
},
{
"lang": "es",
"value": "Las respuestas a consultas web con ciertos par\u00e1metros revelan la ruta interna de los recursos. Esta informaci\u00f3n se puede utilizar para conocer la estructura interna de la aplicaci\u00f3n y para planear m\u00e1s ataques contra servidores web y aplicaciones web implementadas."
}
],
"id": "CVE-2023-5515",
"lastModified": "2024-11-21T08:41:55.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T03:15:07.993",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-5514
Vulnerability from fkie_nvd - Published: 2023-11-01 03:15 - Updated: 2024-11-21 08:41
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289",
"versionEndIncluding": "6.3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
},
{
"lang": "es",
"value": "Se puede abusar de los mensajes de respuesta recibidos de la generaci\u00f3n del informe eSOMS utilizando ciertas consultas de par\u00e1metros con la ruta completa del archivo para enumerar la estructura del sistema de archivos local."
}
],
"id": "CVE-2023-5514",
"lastModified": "2024-11-21T08:41:55.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T03:15:07.933",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-35527
Vulnerability from fkie_nvd - Published: 2021-07-14 14:15 - Updated: 2024-11-21 06:12
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C83BF20-B26C-4430-B06A-DE017A5AC7EA",
"versionEndExcluding": "6.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autocompletar la contrase\u00f1a en el campo password de la aplicaci\u00f3n web de Hitachi ABB Power Grids eSOMS, permite a un atacante conseguir acceso a unas credenciales de usuario almacenadas por el navegador. Este problema afecta a: Hitachi ABB Power Grids eSOMS versi\u00f3n 6.3 y versiones anteriores"
}
],
"id": "CVE-2021-35527",
"lastModified": "2024-11-21T06:12:26.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T14:15:08.937",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-26845
Vulnerability from fkie_nvd - Published: 2021-06-14 22:15 - Updated: 2024-11-21 05:56
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | esoms | * |
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C51D950-A3F4-4886-BE24-89D489E262FE",
"versionEndExcluding": "6.0.4.2.2",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F49EF73D-12D2-40E6-BF39-237D3D7D4446",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Hitachi ABB Power Grids eSOMS, permite a un usuario no autorizado acceder a los datos de los reportes si se detecta la URL utilizada para acceder al reporte. Este problema afecta a: Hitachi ABB Power Grids eSOMS versiones 6.0 anteriores a 6.0.4.2.2; versiones 6.1 anteriores a 6.1.4; versiones 6.3 anteriores a 6.3"
}
],
"id": "CVE-2021-26845",
"lastModified": "2024-11-21T05:56:53.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-14T22:15:08.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-5516 (GCVE-0-2023-5516)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:54 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:51.563697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:39.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:54:21.225Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5516",
"datePublished": "2023-11-01T02:54:21.225Z",
"dateReserved": "2023-10-11T01:30:14.840Z",
"dateUpdated": "2025-02-27T20:36:39.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5515 (GCVE-0-2023-5515)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:49 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:57.835378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:46.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:49:08.085Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5515",
"datePublished": "2023-11-01T02:49:08.085Z",
"dateReserved": "2023-10-11T01:30:12.236Z",
"dateUpdated": "2025-02-27T20:36:46.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5514 (GCVE-0-2023-5514)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:40 – Updated: 2025-02-27 20:36
- CWE-209 - Generation of Error Message Containing Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:59.290872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:52.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:40:53.285Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5514",
"datePublished": "2023-11-01T02:40:53.285Z",
"dateReserved": "2023-10-11T01:30:06.720Z",
"dateUpdated": "2025-02-27T20:36:52.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35527 (GCVE-0-2021-35527)
Vulnerability from cvelistv5 – Published: 2021-07-14 13:15 – Updated: 2024-09-16 23:01
- CWE-200 - Information Exposure
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Hitachi ABB Power Grids | eSOMS | Affected: unspecified, ≤ 6.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "Hitachi ABB Power Grids",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T19:09:10",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"title": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application",
"workarounds": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control net-work from attacks that originate from outside the network. Such practices include ensuring critical applica-tions and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and docu-mented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachi-powergrids.com",
"DATE_PUBLIC": "2021-07-14T12:00:00.000Z",
"ID": "CVE-2021-35527",
"STATE": "PUBLIC",
"TITLE": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "Hitachi ABB Power Grids"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control net-work from attacks that originate from outside the network. Such practices include ensuring critical applica-tions and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and docu-mented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35527",
"datePublished": "2021-07-14T13:15:37.070135Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T23:01:49.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26845 (GCVE-0-2021-26845)
Vulnerability from cvelistv5 – Published: 2021-06-14 21:25 – Updated: 2024-09-16 18:23
- n/a
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T21:25:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
},
"title": "eSOMS Report Function Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-03-08T11:00:00.000Z",
"ID": "CVE-2021-26845",
"STATE": "PUBLIC",
"TITLE": "eSOMS Report Function Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26845",
"datePublished": "2021-06-14T21:25:40.617368Z",
"dateReserved": "2021-02-07T00:00:00",
"dateUpdated": "2024-09-16T18:23:30.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5516 (GCVE-0-2023-5516)
Vulnerability from nvd – Published: 2023-11-01 02:54 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:51.563697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:39.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:54:21.225Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5516",
"datePublished": "2023-11-01T02:54:21.225Z",
"dateReserved": "2023-10-11T01:30:14.840Z",
"dateUpdated": "2025-02-27T20:36:39.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5515 (GCVE-0-2023-5515)
Vulnerability from nvd – Published: 2023-11-01 02:49 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:57.835378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:46.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:49:08.085Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5515",
"datePublished": "2023-11-01T02:49:08.085Z",
"dateReserved": "2023-10-11T01:30:12.236Z",
"dateUpdated": "2025-02-27T20:36:46.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5514 (GCVE-0-2023-5514)
Vulnerability from nvd – Published: 2023-11-01 02:40 – Updated: 2025-02-27 20:36
- CWE-209 - Generation of Error Message Containing Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:59.290872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:52.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:40:53.285Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5514",
"datePublished": "2023-11-01T02:40:53.285Z",
"dateReserved": "2023-10-11T01:30:06.720Z",
"dateUpdated": "2025-02-27T20:36:52.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35527 (GCVE-0-2021-35527)
Vulnerability from nvd – Published: 2021-07-14 13:15 – Updated: 2024-09-16 23:01
- CWE-200 - Information Exposure
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Hitachi ABB Power Grids | eSOMS | Affected: unspecified, ≤ 6.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "Hitachi ABB Power Grids",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T19:09:10",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"title": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application",
"workarounds": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachi-powergrids.com",
"DATE_PUBLIC": "2021-07-14T12:00:00.000Z",
"ID": "CVE-2021-35527",
"STATE": "PUBLIC",
"TITLE": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "Hitachi ABB Power Grids"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35527",
"datePublished": "2021-07-14T13:15:37.070135Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T23:01:49.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}