cvelistv5 - cve-2019-19091

CVE-2019-19091 (GCVE-0-2019-19091)

Vulnerability from cvelistv5 – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:09

Summary

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-16 - Configuration
CWE-202 - Exposure of Sensitive Data Through Data Queries

Assigner

ABB

References

URL

	Vendor	Product	Version
	ABB	eSOMS	Affected: 4.0 to 6.0.3

CNVD-2020-17169

Vulnerability from cnvd - Published: 2020-03-15

Title

ABB eSOMS信息泄露漏洞（CNVD-2020-17169）

Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS 6.0.3及之前版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Severity

中

Patch Name

ABB eSOMS信息泄露漏洞（CNVD-2020-17169）的补丁

Patch Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS 6.0.3及之前版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://new.abb.com/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Impacted products

Name
ABB eSOMS <=6.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19091"
    }
  },
  "description": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\n\nABB eSOMS 6.0.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://new.abb.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17169",
  "openTime": "2020-03-15",
  "patchDescription": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nABB eSOMS 6.0.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ABB eSOMS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-17169\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "ABB eSOMS \u003c=6.0.3"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-13",
  "title": "ABB eSOMS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-17169\uff09"
}

GHSA-5CP6-M9H7-HX26

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2023-05-16 21:30

Details

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-02T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.",
  "id": "GHSA-5cp6-m9h7-hx26",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T17:13:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19091"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-19091

Vulnerability from fkie_nvd - Published: 2020-04-02 20:15 - Updated: 2024-11-21 04:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.

References

	URL	Tags
	cybersecurity@ch.abb.com	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Impacted products

	Vendor	Product	Version
	hitachienergy	esoms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1F2FBC-7372-4E57-A02E-83DB778FE765",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack."
    },
    {
      "lang": "es",
      "value": "Para ABB eSOMS versiones 4.0 hasta 6.0.3, las respuestas HTTPS contienen comentarios con informaci\u00f3n confidencial sobre la aplicaci\u00f3n. Un atacante podr\u00eda utilizar esta informaci\u00f3n detallada para dise\u00f1ar el ataque espec\u00edficamente."
    }
  ],
  "id": "CVE-2019-19091",
  "lastModified": "2024-11-21T04:34:11.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-02T20:15:14.817",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        },
        {
          "lang": "en",
          "value": "CWE-202"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-20-072-01

Vulnerability from csaf_cisa - Published: 2020-03-12 00:00 - Updated: 2020-03-12 00:00

Summary

ICSA-20-072-01_ABB eSOMS

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

ABB reported these vulnerabilities to CISA.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "ABB",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "ABB reported these vulnerabilities to CISA.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-072-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-01"
      }
    ],
    "title": "ICSA-20-072-01_ABB eSOMS",
    "tracking": {
      "current_release_date": "2020-03-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-20-072-01",
      "initial_release_date": "2020-03-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-03-12T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-072-01 ABB eSOMS"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 6.02",
                "product": {
                  "name": "eSOMS: 6.02 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "eSOMS"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19000",
      "cwe": {
        "id": "CWE-525",
        "name": "Use of Web Browser Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS 6.0.3 and earlier, The Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.CVE-2019-19000 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19000"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19000"
    },
    {
      "cve": "CVE-2019-19001",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious website, revealing sensitive user information such as authentication credentials. CVE-2019-19001 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19001"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19001"
    },
    {
      "cve": "CVE-2019-19002",
      "cwe": {
        "id": "CWE-644",
        "name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of cross-site scripting. CVE-2019-19002 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19002"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19002"
    },
    {
      "cve": "CVE-2019-19003",
      "cwe": {
        "id": "CWE-1004",
        "name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-site Scripting. CVE-2019-19003 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19003"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19003"
    },
    {
      "cve": "CVE-2019-19089",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. CVE-2019-19089 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19089"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19089"
    },
    {
      "cve": "CVE-2019-19090",
      "cwe": {
        "id": "CWE-614",
        "name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. CVE-2019-19090 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19090"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19090"
    },
    {
      "cve": "CVE-2019-19091",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. CVE-2019-19091 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19091"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19091"
    },
    {
      "cve": "CVE-2019-19092",
      "cwe": {
        "id": "CWE-642",
        "name": "External Control of Critical State Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. CVE-2019-19092 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19092"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19092"
    },
    {
      "cve": "CVE-2019-19093",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "eSOMS versions before 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. CVE-2019-19093 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19093"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19093"
    },
    {
      "cve": "CVE-2019-19094",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of input checks for SQL queries in ABB eSOMS Versions 6.0.3 and earlier might allow an attacker SQL injection attacks against the backend database. CVE-2019-19094 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19094"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19094"
    },
    {
      "cve": "CVE-2019-19095",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of adequate input/output validation for ABB eSOMS Versions 6.0.2 and earlier might allow an attacker to attack, such as stored cross-site scripting by storing malicious content in the database. CVE-2019-19095 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19095"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19095"
    },
    {
      "cve": "CVE-2019-19096",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Redis data structure component used in ABB eSOMS Versions 6.0.2 and earlier is storing credentials in clear text. If an attacker has file system access, this can potentially compromise the credential \u0027s confidentiality. CVE-2019-19096 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19096"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19096"
    },
    {
      "cve": "CVE-2019-19097",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.  CVE-2019-19097 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19097"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19097"
    }
  ]
}

VAR-202004-0856

Vulnerability from variot - Updated: 2023-12-18 11:58

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0856",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esoms",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "6.0.3"
      },
      {
        "model": "esoms",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "4.0"
      },
      {
        "model": "esoms",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "4.0 \u304b\u3089 6.0.3"
      },
      {
        "model": "esoms",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "abb",
        "version": "\u003c=6.0.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "esoms",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.3",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      }
    ]
  },
  "cve": "CVE-2019-19091",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015256",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-17169",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-151503",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015256",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-19091",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "cybersecurity@ch.abb.com",
            "id": "CVE-2019-19091",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015256",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-805",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151503",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19091",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-072-01",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0929",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "5F6157C0-9364-49C7-8195-32FEF00C5E5E",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "id": "VAR-202004-0856",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      }
    ],
    "trust": 1.68967394
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:30.074000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABBVU-PGGA-2018035",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/208959"
      },
      {
        "title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112322"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
      },
      {
        "trust": 1.6,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19091"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
      },
      {
        "date": "2020-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "date": "2020-04-02T20:15:14.817000",
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17169"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151503"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      },
      {
        "date": "2023-05-16T20:21:29.777000",
        "db": "NVD",
        "id": "CVE-2019-19091"
      },
      {
        "date": "2020-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB eSOMS Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015256"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-805"
      }
    ],
    "trust": 0.6
  }
}

GSD-2019-19091

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.

Aliases

CVE-2019-19091

Aliases

CVE-2019-19091

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19091",
    "description": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.",
    "id": "GSD-2019-19091"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19091"
      ],
      "details": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.",
      "id": "GSD-2019-19091",
      "modified": "2023-12-13T01:23:54.582270Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@ch.abb.com",
        "ID": "CVE-2019-19091",
        "STATE": "PUBLIC",
        "TITLE": "ABB eSOMS: HTTP response information leakage"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eSOMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0 to 6.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ABB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-16 Configuration"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-202 Exposure of Sensitive Data Through Data Queries"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
            "refsource": "CONFIRM",
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.3",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2019-19091"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-05-16T20:21Z",
      "publishedDate": "2020-04-02T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19091 (GCVE-0-2019-19091)

CNVD-2020-17169

GHSA-5CP6-M9H7-HX26

FKIE_CVE-2019-19091

ICSA-20-072-01

VAR-202004-0856

GSD-2019-19091

Tags

Sightings

Nomenclature