Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19094 (GCVE-0-2019-19094)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
VLAI?
EPSS
Title
ABB eSOMS: SQL injection vulnerability
Summary
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Severity ?
7.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.9 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:32.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "3.9 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19094",
"datePublished": "2020-04-02T19:47:32.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.9\", \"versionEndIncluding\": \"6.0.3\", \"matchCriteriaId\": \"133448CE-3482-49A7-84D1-A22B2BA9A0D2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.\"}, {\"lang\": \"es\", \"value\": \"Una falta de comprobaciones de entrada para consultas SQL en ABB eSOMS versiones 3.9 hasta 6.0.3, podr\\u00eda permitir a un atacante ataques de inyecci\\u00f3n SQL contra la base de datos del back-end.\"}]",
"id": "CVE-2019-19094",
"lastModified": "2024-11-21T04:34:11.393",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-04-02T20:15:15.017",
"references": "[{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\", \"source\": \"cybersecurity@ch.abb.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19094\",\"sourceIdentifier\":\"cybersecurity@ch.abb.com\",\"published\":\"2020-04-02T20:15:15.017\",\"lastModified\":\"2024-11-21T04:34:11.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.\"},{\"lang\":\"es\",\"value\":\"Una falta de comprobaciones de entrada para consultas SQL en ABB eSOMS versiones 3.9 hasta 6.0.3, podr\u00eda permitir a un atacante ataques de inyecci\u00f3n SQL contra la base de datos del back-end.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9\",\"versionEndIncluding\":\"6.0.3\",\"matchCriteriaId\":\"133448CE-3482-49A7-84D1-A22B2BA9A0D2\"}]}]}],\"references\":[{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@ch.abb.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
BDU:2020-01117
Vulnerability from fstec - Published: 17.02.2020
VLAI Severity ?
Title
Уязвимость программного средства для управления производственными процессами ABB eSOMS, связанная с ошибками проверки ввода данных, позволяющая нарушителю выполнить произвольный SQL-запрос к базе данных уязвимого приложения
Description
Уязвимость программного средства для управления производственными процессами ABB eSOMS связана с ошибками проверки ввода данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный SQL-запрос к базе данных уязвимого приложения
Severity ?
Vendor
ABB
Software Name
eSOMS
Software Version
от 3.9 до 6.0.3 (eSOMS)
Possible Mitigations
Обновление программного обеспечения до актуальной версии
Reference
https://www.securitylab.ru/vulnerability/505886.php
https://www.cybersecurity-help.cz/vdb/SB2020031313
CWE
CWE-89
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ABB",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 3.9 \u0434\u043e 6.0.3 (eSOMS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.02.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.03.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.03.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01117",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19094",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "eSOMS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 ABB eSOMS, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 SQL-\u0437\u0430\u043f\u0440\u043e\u0441 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 SQL\\\") (CWE-89)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 ABB eSOMS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 SQL-\u0437\u0430\u043f\u0440\u043e\u0441 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/vulnerability/505886.php\nhttps://www.cybersecurity-help.cz/vdb/SB2020031313",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
GHSA-WX45-QJWH-7QWP
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2023-05-16 21:30
VLAI?
Details
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Severity ?
7.6 (High)
{
"affected": [],
"aliases": [
"CVE-2019-19094"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-02T20:15:00Z",
"severity": "MODERATE"
},
"details": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.",
"id": "GHSA-wx45-qjwh-7qwp",
"modified": "2023-05-16T21:30:17Z",
"published": "2022-05-24T17:13:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19094"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
VAR-202004-0859
Vulnerability from variot - Updated: 2023-12-18 11:58Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "3.9"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "3.9 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"cve": "CVE-2019-19094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17170",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151506",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19094",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17170",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "70EA6001-AE3E-4CE3-AB25-A33D786D1379",
"trust": 0.2
},
{
"db": "IVD",
"id": "4613DF6F-8AC8-42DA-9F71-55237DEE5239",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151506",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"id": "VAR-202004-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 1.68967394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
}
]
},
"last_update_date": "2023-12-18T11:58:31.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB eSOMS SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208957"
},
{
"title": "ABB eSOMS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19094"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2020-04-02T20:15:15.017000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.0
}
}
CNVD-2020-17170
Vulnerability from cnvd - Published: 2020-03-15
VLAI Severity ?
Title
ABB eSOMS SQL注入漏洞
Description
ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。
ABB eSOMS 6.0.3及之前版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
Severity
高
Patch Name
ABB eSOMS SQL注入漏洞的补丁
Patch Description
ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。
ABB eSOMS 6.0.3及之前版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://new.abb.com/
Reference
https://www.us-cert.gov/ics/advisories/icsa-20-072-01
Impacted products
| Name | ABB eSOMS <=6.0.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19094"
}
},
"description": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\n\nABB eSOMS 6.0.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u57fa\u4e8e\u6570\u636e\u5e93\u7684\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://new.abb.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-17170",
"openTime": "2020-03-15",
"patchDescription": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nABB eSOMS 6.0.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u57fa\u4e8e\u6570\u636e\u5e93\u7684\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "ABB eSOMS SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "ABB eSOMS \u003c=6.0.3"
},
"referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01",
"serverity": "\u9ad8",
"submitTime": "2020-03-13",
"title": "ABB eSOMS SQL\u6ce8\u5165\u6f0f\u6d1e"
}
ICSA-20-072-01
Vulnerability from csaf_cisa - Published: 2020-03-12 00:00 - Updated: 2020-03-12 00:00Summary
ICSA-20-072-01_ABB eSOMS
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary: ABB reported these vulnerabilities to CISA.
Exploitability: No known public exploits specifically target these vulnerabilities.
6.5 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
6.5 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
6.3 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
5.3 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
6.1 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
CWE-614
- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
4.3 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
CWE-642
- External Control of Critical State Data
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
6.5 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
7.6 (High)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
5.4 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
6.1 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
5.9 (Medium)
Vendor Fix
ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.
Mitigation
For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.
https://new.abb.com/contact-centers
References
Acknowledgments
ABB
{
"document": {
"acknowledgments": [
{
"organization": "ABB",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "ABB reported these vulnerabilities to CISA.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-072-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-072-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-072-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-01"
}
],
"title": "ICSA-20-072-01_ABB eSOMS",
"tracking": {
"current_release_date": "2020-03-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-20-072-01",
"initial_release_date": "2020-03-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-03-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-072-01 ABB eSOMS"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 6.02",
"product": {
"name": "eSOMS: 6.02 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "eSOMS"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19000",
"cwe": {
"id": "CWE-525",
"name": "Use of Web Browser Cache Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS 6.0.3 and earlier, The Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.CVE-2019-19000 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19000"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19000"
},
{
"cve": "CVE-2019-19001",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious website, revealing sensitive user information such as authentication credentials. CVE-2019-19001 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19001"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19001"
},
{
"cve": "CVE-2019-19002",
"cwe": {
"id": "CWE-644",
"name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of cross-site scripting. CVE-2019-19002 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19002"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19002"
},
{
"cve": "CVE-2019-19003",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.2 and earlier, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-site Scripting. CVE-2019-19003 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19003"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19003"
},
{
"cve": "CVE-2019-19089",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.3 and earlier, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. CVE-2019-19089 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19089"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19089"
},
{
"cve": "CVE-2019-19090",
"cwe": {
"id": "CWE-614",
"name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.2 and earlier, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. CVE-2019-19090 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19090"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19090"
},
{
"cve": "CVE-2019-19091",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "For ABB eSOMS Versions 6.0.3 and earlier, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. CVE-2019-19091 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19091"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19091"
},
{
"cve": "CVE-2019-19092",
"cwe": {
"id": "CWE-642",
"name": "External Control of Critical State Data"
},
"notes": [
{
"category": "summary",
"text": "ABB eSOMS Versions 6.0.3 and earlier use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. CVE-2019-19092 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19092"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19092"
},
{
"cve": "CVE-2019-19093",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "summary",
"text": "eSOMS versions before 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. CVE-2019-19093 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19093"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19093"
},
{
"cve": "CVE-2019-19094",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Lack of input checks for SQL queries in ABB eSOMS Versions 6.0.3 and earlier might allow an attacker SQL injection attacks against the backend database. CVE-2019-19094 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19094"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19094"
},
{
"cve": "CVE-2019-19095",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Lack of adequate input/output validation for ABB eSOMS Versions 6.0.2 and earlier might allow an attacker to attack, such as stored cross-site scripting by storing malicious content in the database. CVE-2019-19095 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19095"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19095"
},
{
"cve": "CVE-2019-19096",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The Redis data structure component used in ABB eSOMS Versions 6.0.2 and earlier is storing credentials in clear text. If an attacker has file system access, this can potentially compromise the credential \u0027s confidentiality. CVE-2019-19096 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19096"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19096"
},
{
"cve": "CVE-2019-19097",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "ABB eSOMS Versions 6.0.3 and earlier accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. CVE-2019-19097 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19097"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://new.abb.com/contact-centers"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2019-19097"
}
]
}
GSD-2019-19094
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19094",
"description": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.",
"id": "GSD-2019-19094"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19094"
],
"details": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.",
"id": "GSD-2019-19094",
"modified": "2023-12-13T01:23:53.884405Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "3.9 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
},
"lastModifiedDate": "2023-05-16T20:21Z",
"publishedDate": "2020-04-02T20:15Z"
}
}
}
FKIE_CVE-2019-19094
Vulnerability from fkie_nvd - Published: 2020-04-02 20:15 - Updated: 2024-11-21 04:34
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Summary
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@ch.abb.com | https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | esoms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "133448CE-3482-49A7-84D1-A22B2BA9A0D2",
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
},
{
"lang": "es",
"value": "Una falta de comprobaciones de entrada para consultas SQL en ABB eSOMS versiones 3.9 hasta 6.0.3, podr\u00eda permitir a un atacante ataques de inyecci\u00f3n SQL contra la base de datos del back-end."
}
],
"id": "CVE-2019-19094",
"lastModified": "2024-11-21T04:34:11.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-02T20:15:15.017",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…