cvelistv5 - cve-2019-19096

CVE-2019-19096 (GCVE-0-2019-19096)

Vulnerability from cvelistv5 – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09

Summary

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-257 - Storing Passwords in a Recoverable Format

Assigner

ABB

References

URL

	Vendor	Product	Version
	ABB	eSOMS	Affected: 6.0 to 6.0.2

GHSA-M826-R7FQ-85QC

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2023-05-16 21:30

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-02T20:15:00Z",
    "severity": "LOW"
  },
  "details": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality.",
  "id": "GHSA-m826-r7fq-85qc",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T17:13:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19096"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202004-0861

Vulnerability from variot - Updated: 2023-12-18 11:58

The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company.

ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0861",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esoms",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "6.0.2"
      },
      {
        "model": "esoms",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "6.0"
      },
      {
        "model": "esoms",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "6.0 \u304b\u3089 6.0.2"
      },
      {
        "model": "esoms",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "esoms",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      }
    ]
  },
  "cve": "CVE-2019-19096",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015248",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-17172",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-151508",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015248",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-19096",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "cybersecurity@ch.abb.com",
            "id": "CVE-2019-19096",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015248",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17172",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-795",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151508",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19096",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-072-01",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0929",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "798258FB-844E-4E7B-B6D9-0B8A76988A66",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "6494B1E2-A483-4DB1-A27A-DCD10EA046ED",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "id": "VAR-202004-0861",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      }
    ],
    "trust": 1.68967394
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:30.152000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABBVU-PGGA-2018035",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/208953"
      },
      {
        "title": "ABB eSOMS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112310"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
      },
      {
        "trust": 1.6,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19096"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "date": "2020-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "date": "2020-04-02T20:15:15.143000",
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17172"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151508"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      },
      {
        "date": "2023-05-16T20:21:29.777000",
        "db": "NVD",
        "id": "CVE-2019-19096"
      },
      {
        "date": "2020-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB eSOMS Vulnerability regarding inadequate protection of credentials in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015248"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
      },
      {
        "db": "IVD",
        "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-795"
      }
    ],
    "trust": 1.0
  }
}

CNVD-2020-17172

Vulnerability from cnvd - Published: 2020-03-15

Title

ABB eSOMS信息泄露漏洞（CNVD-2020-17172）

Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

ABB eSOMS信息泄露漏洞（CNVD-2020-17172）的补丁

Patch Description

ABB eSOMS是瑞士ABB公司的一套工厂运营管理系统。 ABB eSOMS存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://new.abb.com/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Impacted products

Name
ABB eSOMS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19096"
    }
  },
  "description": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\n\nABB eSOMS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://new.abb.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17172",
  "openTime": "2020-03-15",
  "patchDescription": "ABB eSOMS\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u8fd0\u8425\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nABB eSOMS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ABB eSOMS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-17172\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "ABB eSOMS"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-13",
  "title": "ABB eSOMS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-17172\uff09"
}

ICSA-20-072-01

Vulnerability from csaf_cisa - Published: 2020-03-12 00:00 - Updated: 2020-03-12 00:00

Summary

ICSA-20-072-01_ABB eSOMS

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

ABB reported these vulnerabilities to CISA.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "ABB",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "ABB reported these vulnerabilities to CISA.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-072-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-072-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-01"
      }
    ],
    "title": "ICSA-20-072-01_ABB eSOMS",
    "tracking": {
      "current_release_date": "2020-03-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-20-072-01",
      "initial_release_date": "2020-03-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-03-12T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-072-01 ABB eSOMS"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 6.02",
                "product": {
                  "name": "eSOMS: 6.02 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "eSOMS"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19000",
      "cwe": {
        "id": "CWE-525",
        "name": "Use of Web Browser Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS 6.0.3 and earlier, The Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.CVE-2019-19000 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19000"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19000"
    },
    {
      "cve": "CVE-2019-19001",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious website, revealing sensitive user information such as authentication credentials. CVE-2019-19001 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19001"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19001"
    },
    {
      "cve": "CVE-2019-19002",
      "cwe": {
        "id": "CWE-644",
        "name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of cross-site scripting. CVE-2019-19002 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19002"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19002"
    },
    {
      "cve": "CVE-2019-19003",
      "cwe": {
        "id": "CWE-1004",
        "name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-site Scripting. CVE-2019-19003 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19003"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19003"
    },
    {
      "cve": "CVE-2019-19089",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. CVE-2019-19089 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19089"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19089"
    },
    {
      "cve": "CVE-2019-19090",
      "cwe": {
        "id": "CWE-614",
        "name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.2 and earlier, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. CVE-2019-19090 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19090"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19090"
    },
    {
      "cve": "CVE-2019-19091",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "For ABB eSOMS Versions 6.0.3 and earlier, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. CVE-2019-19091 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19091"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19091"
    },
    {
      "cve": "CVE-2019-19092",
      "cwe": {
        "id": "CWE-642",
        "name": "External Control of Critical State Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. CVE-2019-19092 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19092"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19092"
    },
    {
      "cve": "CVE-2019-19093",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "eSOMS versions before 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. CVE-2019-19093 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19093"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19093"
    },
    {
      "cve": "CVE-2019-19094",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of input checks for SQL queries in ABB eSOMS Versions 6.0.3 and earlier might allow an attacker SQL injection attacks against the backend database. CVE-2019-19094 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19094"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19094"
    },
    {
      "cve": "CVE-2019-19095",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lack of adequate input/output validation for ABB eSOMS Versions 6.0.2 and earlier might allow an attacker to attack, such as stored cross-site scripting by storing malicious content in the database. CVE-2019-19095 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19095"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19095"
    },
    {
      "cve": "CVE-2019-19096",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Redis data structure component used in ABB eSOMS Versions 6.0.2 and earlier is storing credentials in clear text. If an attacker has file system access, this can potentially compromise the credential \u0027s confidentiality. CVE-2019-19096 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19096"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19096"
    },
    {
      "cve": "CVE-2019-19097",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ABB eSOMS Versions 6.0.3 and earlier accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.  CVE-2019-19097 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19097"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends users update their version of eSOMS to 6.0.3 or 6.1.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information and support please contact an ABB service organization. For contact information, see https://new.abb.com/contact-centers or see ABB security advisory number ABBVU-PGGA-2018035.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://new.abb.com/contact-centers"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-19097"
    }
  ]
}

FKIE_CVE-2019-19096

Vulnerability from fkie_nvd - Published: 2020-04-02 20:15 - Updated: 2024-11-21 04:34

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	cybersecurity@ch.abb.com	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Impacted products

	Vendor	Product	Version
	hitachienergy	esoms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E141727-91DD-4266-8E17-A1BDDD8C0124",
              "versionEndIncluding": "6.0.2",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
    },
    {
      "lang": "es",
      "value": "El componente de estructura de datos Redis usado en ABB eSOMS versiones 6.0 hasta 6.0.2, almacena credenciales en texto sin cifrar. Si un atacante posee acceso al sistema de archivos, esto puede comprometer la confidencialidad de las credenciales."
    }
  ],
  "id": "CVE-2019-19096",
  "lastModified": "2024-11-21T04:34:11.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-02T20:15:15.143",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-257"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-19096

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-19096

Aliases

CVE-2019-19096

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19096",
    "description": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality.",
    "id": "GSD-2019-19096"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19096"
      ],
      "details": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality.",
      "id": "GSD-2019-19096",
      "modified": "2023-12-13T01:23:54.052628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@ch.abb.com",
        "ID": "CVE-2019-19096",
        "STATE": "PUBLIC",
        "TITLE": "ABB eSOMS: REDIS clear text credentials"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eSOMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "6.0 to 6.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ABB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-257 Storing Passwords in a Recoverable Format"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
            "refsource": "CONFIRM",
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2019-19096"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2023-05-16T20:21Z",
      "publishedDate": "2020-04-02T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19096 (GCVE-0-2019-19096)

GHSA-M826-R7FQ-85QC

VAR-202004-0861

CNVD-2020-17172

ICSA-20-072-01

FKIE_CVE-2019-19096

GSD-2019-19096

Tags

Sightings

Nomenclature