VAR-201911-1768
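Vulnerability from variot - Updated: 2023-12-18 13:47
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. ABB Plant Connect is a plant monitoring and management system. The record below tracks the issue as CVE-2019-18250 (ICS-CERT advisory ICSA-19-318-05); NVD rates it 9.8 under CVSS 3.1, reachable over the network with no privileges or user interaction required.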
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1768",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "power generation information manager",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "plant connect",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "power generation information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "plant connect",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "plant connect",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "power generation information manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:plant_connect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:power_generation_information_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18250"
}
]
},
"cve": "CVE-2019-18250",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-18250",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-42428",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-150578",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18250",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18250",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-42428",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-997",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-150578",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "VULHUB",
"id": "VHN-150578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. ABB Plant Connect is a plant monitoring and management system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "VULHUB",
"id": "VHN-150578"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18250",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-318-05",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-42428",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4312",
"trust": 0.6
},
{
"db": "IVD",
"id": "341D6173-F25D-4D5D-BB74-F979E8CA0B60",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-150578",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "VULHUB",
"id": "VHN-150578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"id": "VAR-201911-1768",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "VULHUB",
"id": "VHN-150578"
}
],
"trust": 1.5666666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
}
]
},
"last_update_date": "2023-12-18T13:47:43.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "Patch for ABB Power Generation Information Manager (PGIM) and Plant Connect Security Validation Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192105"
},
{
"title": "ABB Power Generation Information Manager and Plant Connect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103772"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-05"
},
{
"trust": 2.4,
"url": "https://iotsecuritynews.com/abb-power-generation-information-manager-pgim-and-plant-connect/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18250"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18250"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47526"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "VULHUB",
"id": "VHN-150578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"db": "VULHUB",
"id": "VHN-150578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-27T00:00:00",
"db": "IVD",
"id": "341d6173-f25d-4d5d-bb74-f979e8ca0b60"
},
{
"date": "2019-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"date": "2019-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-150578"
},
{
"date": "2019-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"date": "2019-11-26T00:15:11.780000",
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42428"
},
{
"date": "2019-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-150578"
},
{
"date": "2019-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012893"
},
{
"date": "2021-10-29T19:11:02.377000",
"db": "NVD",
"id": "CVE-2019-18250"
},
{
"date": "2021-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Power Generation Information Manager and Plant Connect Vulnerable to information leak from cache",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-997"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.