cvelistv5 - cve-2019-5620

CVE-2019-5620 (GCVE-0-2019-5620)

Vulnerability from cvelistv5 – Published: 2020-04-29 22:15 – Updated: 2024-09-17 03:28

Summary

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Severity ?

No CVSS data available.

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

rapid7

References

URL

Tags

https://www.rapid7.com/db/modules/exploit/windows…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ABB	MicroSCADA Pro SYS600	Affected: 9.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MicroSCADA Pro SYS600",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "9.3"
            }
          ]
        }
      ],
      "datePublic": "2013-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T22:15:27",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
        }
      ],
      "title": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function",
      "x_generator": {
        "engine": "Tod\u0027s Junk Converter 0.0.2"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
          "ID": "CVE-2019-5620",
          "STATE": "PUBLIC",
          "TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MicroSCADA Pro SYS600",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "9.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
          }
        ],
        "generator": {
          "engine": "Tod\u0027s Junk Converter 0.0.2"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306: Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
              "refsource": "MISC",
              "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5620",
    "datePublished": "2020-04-29T22:15:27.966812Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T03:28:34.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0577CAD7-1C5C-40D6-B20B-56F532642583\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.\"}, {\"lang\": \"es\", \"value\": \"ABB MicroSCADA Pro SYS600 versi\\u00f3n 9.3, sufre de una instancia CWE-306: Falta de Autenticaci\\u00f3n para una Funci\\u00f3n Cr\\u00edtica.\"}]",
      "id": "CVE-2019-5620",
      "lastModified": "2024-11-21T04:45:15.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-29T23:15:13.033",
      "references": "[{\"url\": \"https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@rapid7.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5620\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2020-04-29T23:15:13.033\",\"lastModified\":\"2024-11-21T04:45:15.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.\"},{\"lang\":\"es\",\"value\":\"ABB MicroSCADA Pro SYS600 versi\u00f3n 9.3, sufre de una instancia CWE-306: Falta de Autenticaci\u00f3n para una Funci\u00f3n Cr\u00edtica.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0577CAD7-1C5C-40D6-B20B-56F532642583\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

VAR-202004-0657

Vulnerability from variot - Updated: 2023-12-18 13:23

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.

ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "microscada pro sys600",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "abb",
        "version": "9.3"
      },
      {
        "model": "microscada pro sys600",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "microscada pro sys600",
        "version": "9.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "cve": "CVE-2019-5620",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015512",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-27090",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-5620",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015512",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-5620",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015512",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-27090",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5620",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5620",
        "trust": 3.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "id": "VAR-202004-0657",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      }
    ],
    "trust": 1.75
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:23:19.194000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://new.abb.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-29T00:00:00",
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "date": "2020-05-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "date": "2020-04-29T23:15:13.033000",
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "date": "2020-05-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "date": "2023-05-16T20:44:12.157000",
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 1.0
  }
}

CNVD-2020-27090

Vulnerability from cnvd - Published: 2020-05-08

Title

ABB MicroSCADA Pro SYS600访问控制错误漏洞

Description

ABB MicroSCADA Pro SYS600是瑞士ABB公司的一套监控和数据采集软件。该软件主要用于变电站自动化、SCADA电气、配电管理应用程序和工业电源管理等。 ABB MicroSCADA Pro SYS600 9.3版本中存在访问控制错误漏洞，该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。目前没有详细漏洞细节提供。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://abbs.qsnx.net/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5620

Impacted products

Name
ABB MicroSCADA Pro SYS600 9.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5620"
    }
  },
  "description": "ABB MicroSCADA Pro SYS600\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u53d8\u7535\u7ad9\u81ea\u52a8\u5316\u3001SCADA\u7535\u6c14\u3001\u914d\u7535\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u5de5\u4e1a\u7535\u6e90\u7ba1\u7406\u7b49\u3002\n\nABB MicroSCADA Pro SYS600 9.3\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://abbs.qsnx.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-27090",
  "openTime": "2020-05-08",
  "products": {
    "product": "ABB MicroSCADA Pro SYS600 9.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5620",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-30",
  "title": "ABB MicroSCADA Pro SYS600\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2019-5620

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Aliases

CVE-2019-5620

Aliases

CVE-2019-5620

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5620",
    "description": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
    "id": "GSD-2019-5620"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5620"
      ],
      "details": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
      "id": "GSD-2019-5620",
      "modified": "2023-12-13T01:23:56.730655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "",
        "ASSIGNER": "cve@rapid7.com",
        "DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
        "ID": "CVE-2019-5620",
        "STATE": "PUBLIC",
        "TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MicroSCADA Pro SYS600",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "=",
                          "version_name": "",
                          "version_value": "9.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ABB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
        }
      ],
      "generator": {
        "engine": "Tod\u0027s Junk Converter 0.0.2"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306: Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
            "refsource": "MISC",
            "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2019-5620"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-16T20:44Z",
      "publishedDate": "2020-04-29T23:15Z"
    }
  }
}

GHSA-VF53-387H-6JJ3

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2023-05-16 21:30

Details

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-29T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
  "id": "GHSA-vf53-387h-6jj3",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T17:16:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5620"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-5620

Vulnerability from fkie_nvd - Published: 2020-04-29 23:15 - Updated: 2024-11-21 04:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

References

	URL	Tags
	cve@rapid7.com	https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec	Third Party Advisory

Impacted products

Vendor	Product	Version
hitachienergy	microscada_pro_sys600	9.3
microsoft	windows_7	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0577CAD7-1C5C-40D6-B20B-56F532642583",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
    },
    {
      "lang": "es",
      "value": "ABB MicroSCADA Pro SYS600 versi\u00f3n 9.3, sufre de una instancia CWE-306: Falta de Autenticaci\u00f3n para una Funci\u00f3n Cr\u00edtica."
    }
  ],
  "id": "CVE-2019-5620",
  "lastModified": "2024-11-21T04:45:15.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-29T23:15:13.033",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5620 (GCVE-0-2019-5620)

VAR-202004-0657

CNVD-2020-27090

GSD-2019-5620

GHSA-VF53-387H-6JJ3

FKIE_CVE-2019-5620

Tags

Sightings

Nomenclature