cvelistv5 - cve-2019-19090

CVE-2019-19090 (GCVE-0-2019-19090)

Vulnerability from cvelistv5 – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:09

Summary

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-16 - Configuration

Assigner

ABB

References

URL

	Vendor	Product	Version
	ABB	eSOMS	Affected: 4.0 to 6.0.2

FKIE_CVE-2019-19090

Vulnerability from fkie_nvd - Published: 2020-04-02 20:15 - Updated: 2024-11-21 04:34

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Summary

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.

References

	URL	Tags
	cybersecurity@ch.abb.com	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Impacted products

	Vendor	Product	Version
	hitachienergy	esoms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5811C31-75D6-407F-9321-655972F35EAC",
              "versionEndIncluding": "6.0.2",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping."
    },
    {
      "lang": "es",
      "value": "Para ABB eSOMS versiones 4.0 hasta 6.0.2, el Secure Flag no se establece en el encabezado de respuesta HTTP. Las conexiones no cifradas pueden acceder a la informaci\u00f3n de la cookie, haci\u00e9ndolas as\u00ed susceptibles a espionaje."
    }
  ],
  "id": "CVE-2019-19090",
  "lastModified": "2024-11-21T04:34:10.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-02T20:15:14.737",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-19561

Vulnerability from cnvd - Published: 2020-03-26

Title

ABB eSOMS存在未明漏洞（CNVD-2020-19561）

Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS存在安全漏洞，漏洞源于未在HTTP响应标头中设置安全标志，攻击者可利用该漏洞获取cookie信息。

Severity

中

Patch Name

ABB eSOMS存在未明漏洞（CNVD-2020-19561）的补丁

Patch Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS存在安全漏洞，漏洞源于未在HTTP响应标头中设置安全标志，攻击者可利用该漏洞获取cookie信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://new.abb.com/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Impacted products

Name
ABB eSOMS <=6.0.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19090"
    }
  },
  "description": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\n\nABB eSOMS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5728HTTP\u54cd\u5e94\u6807\u5934\u4e2d\u8bbe\u7f6e\u5b89\u5168\u6807\u5fd7\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6cookie\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://new.abb.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-19561",
  "openTime": "2020-03-26",
  "patchDescription": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nABB eSOMS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5728HTTP\u54cd\u5e94\u6807\u5934\u4e2d\u8bbe\u7f6e\u5b89\u5168\u6807\u5fd7\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6cookie\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ABB eSOMS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-19561\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "ABB eSOMS \u003c=6.0.2"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-13",
  "title": "ABB eSOMS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-19561\uff09"
}

ICSA-20-072-01

Vulnerability from csaf_cisa - Published: 2020-03-12 00:00 - Updated: 2020-03-12 00:00

Summary

ICSA-20-072-01_ABB eSOMS

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

ABB reported these vulnerabilities to CISA.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "ABB",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "ABB reported these vulnerabilities to CISA.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-072-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-01"
      }
    ],
    "title": "ICSA-20-072-01_ABB eSOMS",
    "tracking": {
      "current_release_date": "2020-03-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-20-072-01",
      "initial_release_date": "2020-03-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-03-12T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-072-01 ABB eSOMS"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 6.02",
                "product": {
                  "name": "eSOMS: 6.02 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "eSOMS"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19000",
      "cwe": {
        "id": "CWE-525",
        "name": "Use of Web Browser Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS 6.0.3 and earlier, The Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.CVE-2019-19000 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19000"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19000"
    },
    {
      "cve": "CVE-2019-19001",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious website, revealing sensitive user information such as authentication credentials. CVE-2019-19001 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19001"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19001"
    },
    {
      "cve": "CVE-2019-19002",
      "cwe": {
        "id": "CWE-644",
        "name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of cross-site scripting. CVE-2019-19002 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19002"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19002"
    },
    {
      "cve": "CVE-2019-19003",
      "cwe": {
        "id": "CWE-1004",
        "name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-site Scripting. CVE-2019-19003 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19003"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19003"
    },
    {
      "cve": "CVE-2019-19089",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. CVE-2019-19089 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19089"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19089"
    },
    {
      "cve": "CVE-2019-19090",
      "cwe": {
        "id": "CWE-614",
        "name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. CVE-2019-19090 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19090"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19090"
    },
    {
      "cve": "CVE-2019-19091",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. CVE-2019-19091 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19091"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19091"
    },
    {
      "cve": "CVE-2019-19092",
      "cwe": {
        "id": "CWE-642",
        "name": "External Control of Critical State Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. CVE-2019-19092 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19092"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19092"
    },
    {
      "cve": "CVE-2019-19093",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "eSOMS versions before 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. CVE-2019-19093 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19093"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19093"
    },
    {
      "cve": "CVE-2019-19094",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of input checks for SQL queries in ABB eSOMS Versions 6.0.3 and earlier might allow an attacker SQL injection attacks against the backend database. CVE-2019-19094 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19094"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19094"
    },
    {
      "cve": "CVE-2019-19095",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of adequate input/output validation for ABB eSOMS Versions 6.0.2 and earlier might allow an attacker to attack, such as stored cross-site scripting by storing malicious content in the database. CVE-2019-19095 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19095"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19095"
    },
    {
      "cve": "CVE-2019-19096",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Redis data structure component used in ABB eSOMS Versions 6.0.2 and earlier is storing credentials in clear text. If an attacker has file system access, this can potentially compromise the credential \u0027s confidentiality. CVE-2019-19096 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19096"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19096"
    },
    {
      "cve": "CVE-2019-19097",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.  CVE-2019-19097 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19097"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19097"
    }
  ]
}

GSD-2019-19090

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.

Aliases

CVE-2019-19090

Aliases

CVE-2019-19090

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19090",
    "description": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.",
    "id": "GSD-2019-19090"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19090"
      ],
      "details": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.",
      "id": "GSD-2019-19090",
      "modified": "2023-12-13T01:23:54.254647Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@ch.abb.com",
        "ID": "CVE-2019-19090",
        "STATE": "PUBLIC",
        "TITLE": "ABB eSOMS: Secure Flag not set"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eSOMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0 to 6.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ABB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-16 Configuration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
            "refsource": "CONFIRM",
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2019-19090"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-05-16T20:21Z",
      "publishedDate": "2020-04-02T20:15Z"
    }
  }
}

VAR-202004-0855

Vulnerability from variot - Updated: 2023-12-18 11:58

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0855",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esoms",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "4.0"
      },
      {
        "model": "esoms",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "6.0.2"
      },
      {
        "model": "esoms",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "4.0 \u304b\u3089 6.0.2"
      },
      {
        "model": "esoms",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "abb",
        "version": "\u003c=6.0.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "esoms",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      }
    ]
  },
  "cve": "CVE-2019-19090",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015255",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-19561",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-151502",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.1,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015255",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-19090",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "cybersecurity@ch.abb.com",
            "id": "CVE-2019-19090",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015255",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-19561",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-806",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151502",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19090",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-072-01",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0929",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "CD49A2ED-01DC-4E1E-AC5D-844ED81C8479",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "360F58FD-3BB0-4C6E-8F10-BD08EE40C271",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "id": "VAR-202004-0855",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      }
    ],
    "trust": 1.68967394
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:30.340000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABBVU-PGGA-2018035",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/211045"
      },
      {
        "title": "ABB eSOMS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112324"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
      },
      {
        "trust": 1.6,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19090"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "date": "2020-04-02T20:15:14.737000",
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19561"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151502"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      },
      {
        "date": "2023-05-16T20:21:29.777000",
        "db": "NVD",
        "id": "CVE-2019-19090"
      },
      {
        "date": "2020-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB eSOMS Vulnerability regarding lack of encryption of critical data in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Configuration error",
    "sources": [
      {
        "db": "IVD",
        "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
      },
      {
        "db": "IVD",
        "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-806"
      }
    ],
    "trust": 1.0
  }
}

GHSA-W59J-V3F8-JGJ6

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2023-05-16 21:30

Details

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.

Severity ?

3.5 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-02T20:15:00Z",
    "severity": "LOW"
  },
  "details": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.",
  "id": "GHSA-w59j-v3f8-jgj6",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T17:13:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19090"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19090 (GCVE-0-2019-19090)

FKIE_CVE-2019-19090

CNVD-2020-19561

ICSA-20-072-01

GSD-2019-19090

VAR-202004-0855

GHSA-W59J-V3F8-JGJ6

Tags

Sightings

Nomenclature