VAR-202004-0657
Vulnerability from variot - Updated: 2023-12-18 13:23ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.
ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.5,
"vendor": "abb",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "microscada pro sys600",
"version": "9.3"
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"cve": "CVE-2019-5620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-27090",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5620",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-015512",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-27090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5620",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2020-27090",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512",
"trust": 0.8
},
{
"db": "IVD",
"id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
"trust": 0.2
},
{
"db": "IVD",
"id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"id": "VAR-202004-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
],
"trust": 1.75
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
]
},
"last_update_date": "2023-12-18T13:23:19.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-04-29T23:15:13.033000",
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2023-05-16T20:44:12.157000",
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…