Search
Find a vulnerability
Search criteria
4 vulnerabilities found for MicroSCADA Pro SYS600 by ABB
VAR-202211-1392
Vulnerability from variot - Updated: 2025-07-24 23:56An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. An attacker could exploit this vulnerability to execute code remotely
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.3.1"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.2.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.2"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.4"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.4"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.0"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.3"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.1.1"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.2"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.4"
},
{
"model": "microscada pro sys600 9.4:fixpack 1",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "microscada pro sys600 9.4:fixpack 2",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "microscada pro sys600",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=9.3"
},
{
"model": "microscada pro sys600",
"scope": "gte",
"trust": 0.6,
"vendor": "abb",
"version": "10.0,\u003c=10.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"cve": "CVE-2022-3388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-86331",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2022-3388",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-3388",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2022-3388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-3388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-86331",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3240",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. An attacker could exploit this vulnerability to execute code remotely",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3388"
},
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3388",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-86331",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"id": "VAR-202211-1392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
]
},
"last_update_date": "2025-07-24T23:56:05.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ABB MicroSCADA Pro SYS600 Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/367091"
},
{
"title": "ABB MicroSCADA Pro SYS600 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215569"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://search.abb.com/library/download.aspx?documentid=8dbd000123\u0026languagecode=en\u0026documentpartid=\u0026action=launch\u0026elqaid=4293\u0026elqat=1"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3388/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"date": "2022-11-21T19:15:13.353000",
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"date": "2022-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"date": "2025-07-23T21:15:25.387000",
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
],
"trust": 0.6
}
}
VAR-202004-0657
Vulnerability from variot - Updated: 2024-11-23 22:48ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.
ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.5,
"vendor": "abb",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "microscada pro sys600",
"version": "9.3"
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:microscada_pro_sys600",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"cve": "CVE-2019-5620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5620",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-27090",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5620",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-015512",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-27090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5620",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2020-27090",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512",
"trust": 0.8
},
{
"db": "IVD",
"id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
"trust": 0.2
},
{
"db": "IVD",
"id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"id": "VAR-202004-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
],
"trust": 1.75
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
]
},
"last_update_date": "2024-11-23T22:48:02.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2020-04-29T23:15:13.033000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2024-11-21T04:45:15.187000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.0
}
}
CVE-2019-5620 (GCVE-0-2019-5620)
Vulnerability from nvd – Published: 2020-04-29 22:15 – Updated: 2024-09-17 03:28
VLAI
Title
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
Summary
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
Severity
No CVSS data available.
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.rapid7.com/db/modules/exploit/windows… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | MicroSCADA Pro SYS600 |
Affected:
9.3
|
Date Public
2013-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MicroSCADA Pro SYS600",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "9.3"
}
]
}
],
"datePublic": "2013-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
],
"exploits": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T22:15:27.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
"ID": "CVE-2019-5620",
"STATE": "PUBLIC",
"TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroSCADA Pro SYS600",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5620",
"datePublished": "2020-04-29T22:15:27.966Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:28:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5620 (GCVE-0-2019-5620)
Vulnerability from cvelistv5 – Published: 2020-04-29 22:15 – Updated: 2024-09-17 03:28
VLAI
Title
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
Summary
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
Severity
No CVSS data available.
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.rapid7.com/db/modules/exploit/windows… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | MicroSCADA Pro SYS600 |
Affected:
9.3
|
Date Public
2013-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MicroSCADA Pro SYS600",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "9.3"
}
]
}
],
"datePublic": "2013-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
],
"exploits": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T22:15:27.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
"ID": "CVE-2019-5620",
"STATE": "PUBLIC",
"TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroSCADA Pro SYS600",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5620",
"datePublished": "2020-04-29T22:15:27.966Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:28:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}