Search

Find a vulnerability

Search criteria

    41 vulnerabilities found for eSOMS by ABB

    VAR-201808-0397

    Vulnerability from variot - Updated: 2024-11-23 22:45

    ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company.

    ABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0397",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 2.3,
            "vendor": "abb",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "BID",
            "id": "105169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-14805",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14805",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-28496",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125001",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14805",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14805",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14805",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-28496",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-904",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125001",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "BID",
            "id": "105169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-18-240-04",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "105169",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98908",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "db": "BID",
            "id": "105169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "id": "VAR-201808-0397",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          }
        ],
        "trust": 1.4258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:45:15.523000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018030",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-04"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105169"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14805"
          },
          {
            "trust": 0.3,
            "url": "http://www.abb.com/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "db": "BID",
            "id": "105169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "db": "BID",
            "id": "105169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "date": "2018-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "date": "2018-08-28T00:00:00",
            "db": "BID",
            "id": "105169"
          },
          {
            "date": "2018-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "date": "2018-08-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "date": "2018-08-29T16:29:00.217000",
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-28496"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125001"
          },
          {
            "date": "2018-08-28T00:00:00",
            "db": "BID",
            "id": "105169"
          },
          {
            "date": "2018-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          },
          {
            "date": "2024-11-21T03:49:50.063000",
            "db": "NVD",
            "id": "CVE-2018-14805"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009815"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-904"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0858

    Vulnerability from variot - Updated: 2024-11-23 21:35

    eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0858",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          }
        ]
      },
      "cve": "CVE-2019-19093",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-19093",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015258",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19562",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-151505",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19093",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015258",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19093",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19093",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015258",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19562",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-802",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151505",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19093",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "176B77D1-77AD-47C4-84BE-1B3053F8392C",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "38DFBFD7-D2E5-4AAB-B361-EED6A4A18CCD",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "id": "VAR-202004-0858",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.793000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS weak password vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211047"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112318"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19093"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19093"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "date": "2020-04-02T20:15:14.940000",
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151505"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015258"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          },
          {
            "date": "2024-11-21T04:34:11.277000",
            "db": "NVD",
            "id": "CVE-2019-19093"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Weak password vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19562"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
          },
          {
            "db": "IVD",
            "id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-802"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0853

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company.

    ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0853",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          }
        ]
      },
      "cve": "CVE-2019-19003",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19003",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015253",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19566",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "3f144945-21d7-4c04-88a4-23b9959852a0",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-151406",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19003",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@ch.abb.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19003",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015253",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19003",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19003",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015253",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19566",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-809",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3f144945-21d7-4c04-88a4-23b9959852a0",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151406",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19003",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "B8FF984B-8752-4A47-AC75-7EB69E8E792D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "3F144945-21D7-4C04-88A4-23B9959852A0",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "id": "VAR-202004-0853",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.754000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211039"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112330"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19003"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "3f144945-21d7-4c04-88a4-23b9959852a0"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "date": "2020-04-02T20:15:14.097000",
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19566"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151406"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          },
          {
            "date": "2024-11-21T04:33:58.477000",
            "db": "NVD",
            "id": "CVE-2019-19003"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015253"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-809"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0868

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0868",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          }
        ]
      },
      "cve": "CVE-2019-19089",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19089",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015254",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19567",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "733edc59-907e-4d35-8ebb-75deadc436d1",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-151500",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19089",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015254",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19089",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19089",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015254",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19567",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-807",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "733edc59-907e-4d35-8ebb-75deadc436d1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151500",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19089",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "9F1A70B1-8EF2-4562-83A9-AC88340B0794",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "733EDC59-907E-4D35-8EBB-75DEADC436D1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "id": "VAR-202004-0868",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.716000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19567)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211043"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112326"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-436",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-94",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19089"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19089"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "733edc59-907e-4d35-8ebb-75deadc436d1"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "date": "2020-04-02T20:15:14.423000",
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19567"
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151500"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          },
          {
            "date": "2023-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          },
          {
            "date": "2024-11-21T04:34:10.793000",
            "db": "NVD",
            "id": "CVE-2019-19089"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Injection vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015254"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-807"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0859

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0859",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "3.9"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "3.9 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          }
        ]
      },
      "cve": "CVE-2019-19094",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-19094",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015259",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17170",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "4613df6f-8ac8-42da-9f71-55237dee5239",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-151506",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19094",
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015259",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19094",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19094",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015259",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17170",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-800",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4613df6f-8ac8-42da-9f71-55237dee5239",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151506",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19094",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "70EA6001-AE3E-4CE3-AB25-A33D786D1379",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "4613DF6F-8AC8-42DA-9F71-55237DEE5239",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "id": "VAR-202004-0859",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS SQL injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208957"
          },
          {
            "title": "ABB eSOMS SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112316"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19094"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19094"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "date": "2020-04-02T20:15:15.017000",
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151506"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015259"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          },
          {
            "date": "2024-11-21T04:34:11.393000",
            "db": "NVD",
            "id": "CVE-2019-19094"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS SQL injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
          },
          {
            "db": "IVD",
            "id": "4613df6f-8ac8-42da-9f71-55237dee5239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-800"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0852

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0852",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          }
        ]
      },
      "cve": "CVE-2019-19002",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-19002",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015252",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19565",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-151405",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-19002",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@ch.abb.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-19002",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015252",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19002",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19002",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015252",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19565",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-812",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151405",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19002",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "CF8EE712-306F-4E13-AC79-76FE31F5ECDD",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "36CB39CF-844F-4BC2-AEB5-60BF5A28B69C",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "id": "VAR-202004-0852",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.638000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19565)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211037"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19002"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19002"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "date": "2020-04-02T20:15:14.003000",
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19565"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151405"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          },
          {
            "date": "2024-11-21T04:33:58.357000",
            "db": "NVD",
            "id": "CVE-2019-19002"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015252"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-812"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0857

    Vulnerability from variot - Updated: 2024-11-23 21:35

    ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS There is a vulnerability in the lack of authentication for critical features.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company.

    ABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0857",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": null,
            "trust": 0.6,
            "vendor": "abb",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          }
        ]
      },
      "cve": "CVE-2019-19092",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-19092",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015257",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17161",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "16c818d0-6316-4d81-aebc-cc619b40361e",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-151504",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-19092",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015257",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19092",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19092",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015257",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17161",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-804",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "16c818d0-6316-4d81-aebc-cc619b40361e",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151504",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS There is a vulnerability in the lack of authentication for critical features.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19092",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "16C818D0-6316-4D81-AEBC-CC619B40361E",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "F45F88DD-73BA-4DD3-B85C-1B8D50809BF4",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "id": "VAR-202004-0857",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.599000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS Identity Information Verification Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208951"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112320"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19092"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19092"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "date": "2020-04-02T20:15:14.877000",
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151504"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015257"
          },
          {
            "date": "2020-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          },
          {
            "date": "2024-11-21T04:34:11.157000",
            "db": "NVD",
            "id": "CVE-2019-19092"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Identity information verification error vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17161"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "16c818d0-6316-4d81-aebc-cc619b40361e"
          },
          {
            "db": "IVD",
            "id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-804"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0861

    Vulnerability from variot - Updated: 2024-11-23 21:35

    The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company.

    ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0861",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "6.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": null,
            "trust": 0.6,
            "vendor": "abb",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          }
        ]
      },
      "cve": "CVE-2019-19096",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19096",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015248",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17172",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-151508",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-19096",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015248",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19096",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19096",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015248",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17172",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-795",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151508",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19096",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "798258FB-844E-4E7B-B6D9-0B8A76988A66",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "6494B1E2-A483-4DB1-A27A-DCD10EA046ED",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "id": "VAR-202004-0861",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:55.047000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208953"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112310"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-257",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19096"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "date": "2020-04-02T20:15:15.143000",
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17172"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151508"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          },
          {
            "date": "2024-11-21T04:34:11.627000",
            "db": "NVD",
            "id": "CVE-2019-19096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Vulnerability regarding inadequate protection of credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015248"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
          },
          {
            "db": "IVD",
            "id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-795"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0855

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0855",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          }
        ]
      },
      "cve": "CVE-2019-19090",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-19090",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015255",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19561",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-151502",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-19090",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015255",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19090",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19090",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015255",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19561",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-806",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151502",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker can use this vulnerability to obtain cookie information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19090",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "CD49A2ED-01DC-4E1E-AC5D-844ED81C8479",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "360F58FD-3BB0-4C6E-8F10-BD08EE40C271",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "id": "VAR-202004-0855",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:55.007000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211045"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112324"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-311",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19090"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "date": "2020-04-02T20:15:14.737000",
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19561"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151502"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          },
          {
            "date": "2024-11-21T04:34:10.913000",
            "db": "NVD",
            "id": "CVE-2019-19090"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Vulnerability regarding lack of encryption of critical data in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015255"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration error",
        "sources": [
          {
            "db": "IVD",
            "id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
          },
          {
            "db": "IVD",
            "id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-806"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0850

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company.

    ABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0850",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": null,
            "trust": 0.6,
            "vendor": "abb",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          }
        ]
      },
      "cve": "CVE-2019-19000",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-19000",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015250",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17168",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-151403",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19000",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015250",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19000",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19000",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015250",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17168",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-817",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151403",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19000",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "A9521391-8CD5-4D08-97AD-C61DF08347CF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "B83DA059-72A8-4A49-8F12-C32942EA1A67",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "id": "VAR-202004-0850",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:54.969000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208961"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112338"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-202",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19000"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19000"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "date": "2020-04-02T20:15:13.863000",
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151403"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015250"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          },
          {
            "date": "2024-11-21T04:33:58.133000",
            "db": "NVD",
            "id": "CVE-2019-19000"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
          },
          {
            "db": "IVD",
            "id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-817"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0862

    Vulnerability from variot - Updated: 2024-11-23 21:35

    ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. ABB eSOMS There is a cryptographic strength vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0862",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          }
        ]
      },
      "cve": "CVE-2019-19097",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19097",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015249",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19563",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-151509",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19097",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "cybersecurity@ch.abb.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2019-19097",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015249",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19097",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19097",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015249",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19563",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-793",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151509",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. ABB eSOMS There is a cryptographic strength vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19097",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "043041AB-7AC2-4228-B18B-C9AB72A51AA1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "53F47CCD-AF62-4DC3-8AF3-BFCB64BCD5F1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "id": "VAR-202004-0862",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:54.931000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS encryption problem vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211051"
          },
          {
            "title": "ABB eSOMS Fixes for encryption problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112308"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19097"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "date": "2020-04-02T20:15:15.253000",
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151509"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015249"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          },
          {
            "date": "2024-11-21T04:34:11.743000",
            "db": "NVD",
            "id": "CVE-2019-19097"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS encryption problem vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-793"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0856

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0856",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.3"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.3"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          }
        ]
      },
      "cve": "CVE-2019-19091",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-19091",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015256",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17169",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-151503",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19091",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015256",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19091",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19091",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015256",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17169",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-805",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151503",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. ABB eSOMS There is an information leakage vulnerability in.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from network system or product configuration errors during operation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19091",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "5F6157C0-9364-49C7-8195-32FEF00C5E5E",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "id": "VAR-202004-0856",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:54.893000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208959"
          },
          {
            "title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112322"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-202",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19091"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "date": "2020-04-02T20:15:14.817000",
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17169"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151503"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          },
          {
            "date": "2024-11-21T04:34:11.033000",
            "db": "NVD",
            "id": "CVE-2019-19091"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Vulnerability regarding information leakage in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015256"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-805"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0851

    Vulnerability from variot - Updated: 2024-11-23 21:35

    For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS Is vulnerable to improper restrictions on rendered user interface layers or frames.Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0851",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          }
        ]
      },
      "cve": "CVE-2019-19001",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19001",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015251",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19564",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-151404",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19001",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015251",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19001",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19001",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015251",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19564",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-814",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151404",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS Is vulnerable to improper restrictions on rendered user interface layers or frames.Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19001",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "B3BC4F61-5293-4F8A-8374-A16D93D111FF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "FB967C1B-5C46-4015-BACE-1D398B4EB40D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "id": "VAR-202004-0851",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:54.855000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS has unknown vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211035"
          },
          {
            "title": "ABB eSOMS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112334"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1021",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19001"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19001"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "date": "2020-04-02T20:15:13.940000",
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19564"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151404"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          },
          {
            "date": "2024-11-21T04:33:58.243000",
            "db": "NVD",
            "id": "CVE-2019-19001"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Vulnerability regarding improper restrictions on rendered user interface layers or frames in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015251"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration error",
        "sources": [
          {
            "db": "IVD",
            "id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
          },
          {
            "db": "IVD",
            "id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-814"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-0860

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0860",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.2"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "4.0"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "4.0 \u304b\u3089 6.0.2"
          },
          {
            "model": "esoms",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esoms",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:esoms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          }
        ]
      },
      "cve": "CVE-2019-19095",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-19095",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015245",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17171",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "31776109-1203-4caf-b9d6-c8078168a94d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-151507",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-19095",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015245",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19095",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2019-19095",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015245",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17171",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-799",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "31776109-1203-4caf-b9d6-c8078168a94d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151507",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19095",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-072-01",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0929",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "8A7ABFC8-13A1-4324-8D1B-8FEE43EC6954",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4CAF-B9D6-C8078168A94D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "id": "VAR-202004-0860",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          }
        ],
        "trust": 1.8258065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:54.817000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ABBVU-PGGA-2018035",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB eSOMS cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/208955"
          },
          {
            "title": "ABB eSOMS Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112314"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19095"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19095"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "date": "2020-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "date": "2020-04-02T20:15:15.067000",
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151507"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015245"
          },
          {
            "date": "2020-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          },
          {
            "date": "2024-11-21T04:34:11.510000",
            "db": "NVD",
            "id": "CVE-2019-19095"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB eSOMS Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
          },
          {
            "db": "IVD",
            "id": "31776109-1203-4caf-b9d6-c8078168a94d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-799"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202106-1440

    Vulnerability from variot - Updated: 2024-08-14 14:20

    Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1440",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0"
          },
          {
            "model": "esoms",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.1.4"
          },
          {
            "model": "esoms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.1"
          },
          {
            "model": "esoms",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hitachienergy",
            "version": "6.0.4.2.2"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": null
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "6.0  that\u0027s all  6.0.4.2.2"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "6.1  that\u0027s all  6.1.4"
          },
          {
            "model": "esoms",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "6.3"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "cve": "CVE-2021-26845",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-26845",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-386007",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-26845",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-012369",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-26845",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2021-26845",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-26845",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-1168",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-386007",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-26845",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-077-02",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU96655623",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0971",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-386007",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "id": "VAR-202106-1440",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          }
        ],
        "trust": 0.8258065
      },
      "last_update_date": "2024-08-14T14:20:24.290000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eSOMS\u00a0Report\u00a0Function\u00a0Vulnerability",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144710"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          },
          {
            "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96655623/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0971"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "date": "2022-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "date": "2021-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "date": "2021-06-14T22:15:08.550000",
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-386007"
          },
          {
            "date": "2022-08-30T04:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          },
          {
            "date": "2023-05-16T20:21:29.777000",
            "db": "NVD",
            "id": "CVE-2021-26845"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0eSOMS\u00a0 Fraud related to unauthorized authentication in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012369"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1168"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-19097 (GCVE-0-2019-19097)

    Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: SSL medium strength Cipher Suites
    Summary
    ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
    CWE
    • CWE-16 - Configuration
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:48:26.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: SSL medium strength Cipher Suites",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19097",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: SSL medium strength Cipher Suites"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-326 Inadequate Encryption Strength"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19097",
        "datePublished": "2020-04-02T19:48:26.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19096 (GCVE-0-2019-19096)

    Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: REDIS clear text credentials
    Summary
    The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 6.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:48:02.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: REDIS clear text credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19096",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: REDIS clear text credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-257 Storing Passwords in a Recoverable Format"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19096",
        "datePublished": "2020-04-02T19:48:02.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19095 (GCVE-0-2019-19095)

    Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: Stored XSS vulnerability
    Summary
    Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:47:46.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: Stored XSS vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19095",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: Stored XSS vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19095",
        "datePublished": "2020-04-02T19:47:46.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19094 (GCVE-0-2019-19094)

    Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: SQL injection vulnerability
    Summary
    Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 3.9 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.9 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:47:32.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: SQL injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19094",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: SQL injection vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.9 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19094",
        "datePublished": "2020-04-02T19:47:32.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19093 (GCVE-0-2019-19093)

    Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: Password complexity issue
    Summary
    eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:47:23.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: Password complexity issue",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19093",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: Password complexity issue"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19093",
        "datePublished": "2020-04-02T19:47:23.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19092 (GCVE-0-2019-19092)

    Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: Viewstate without MAC Signature
    Summary
    ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:47:07.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: Viewstate without MAC Signature",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19092",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: Viewstate without MAC Signature"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19092",
        "datePublished": "2020-04-02T19:47:07.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19091 (GCVE-0-2019-19091)

    Vulnerability from nvd – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: HTTP response information leakage
    Summary
    For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
    CWE
    • CWE-16 - Configuration
    • CWE-202 - Exposure of Sensitive Data Through Data Queries
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.345Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:46:55.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: HTTP response information leakage",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19091",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: HTTP response information leakage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-202 Exposure of Sensitive Data Through Data Queries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19091",
        "datePublished": "2020-04-02T19:46:55.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19090 (GCVE-0-2019-19090)

    Vulnerability from nvd – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:09
    VLAI
    Title
    ABB eSOMS: Secure Flag not set
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:38.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:46:45.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: Secure Flag not set",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19090",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: Secure Flag not set"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19090",
        "datePublished": "2020-04-02T19:46:45.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:38.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19089 (GCVE-0-2019-19089)

    Vulnerability from nvd – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:09
    VLAI
    Title
    eSOMS: X-Content-Type-Options Header Missing
    Summary
    For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:46:36.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "eSOMS: X-Content-Type-Options Header Missing",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19089",
              "STATE": "PUBLIC",
              "TITLE": "eSOMS: X-Content-Type-Options Header Missing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19089",
        "datePublished": "2020-04-02T19:46:36.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19003 (GCVE-0-2019-19003)

    Vulnerability from nvd – Published: 2020-04-02 19:46 – Updated: 2024-08-05 02:02
    VLAI
    Title
    ABB eSOMS: HTTPOnly flag not set
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.
    CWE
    • CWE-16 - Configuration
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:46:29.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS: HTTPOnly flag not set",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19003",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS: HTTPOnly flag not set"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19003",
        "datePublished": "2020-04-02T19:46:29.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19002 (GCVE-0-2019-19002)

    Vulnerability from nvd – Published: 2020-04-02 19:50 – Updated: 2024-08-05 02:02
    VLAI
    Title
    ABB eSOMS X-XSS-Protection not enabled
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
    CWE
    • CWE-16 - Configuration
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:50:02.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS X-XSS-Protection not enabled",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19002",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS X-XSS-Protection not enabled"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19002",
        "datePublished": "2020-04-02T19:50:02.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19001 (GCVE-0-2019-19001)

    Vulnerability from nvd – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
    VLAI
    Title
    eSOMS X-FrameOption
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:49:55.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "eSOMS X-FrameOption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19001",
              "STATE": "PUBLIC",
              "TITLE": "eSOMS X-FrameOption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19001",
        "datePublished": "2020-04-02T19:49:55.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19000 (GCVE-0-2019-19000)

    Vulnerability from nvd – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
    VLAI
    Title
    eSOMS Cachecontrol (Pragma) HTTP Header
    Summary
    For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
    CWE
    • CWE-16 - Configuration
    • CWE-202 - Exposure of Sensitive Data Through Data Queries
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4
    Affected: 5
    Affected: 6.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.758Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4"
                },
                {
                  "status": "affected",
                  "version": "5"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:49:35.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "eSOMS Cachecontrol (Pragma) HTTP Header",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19000",
              "STATE": "PUBLIC",
              "TITLE": "eSOMS Cachecontrol (Pragma) HTTP Header"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4"
                              },
                              {
                                "version_value": "5"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-202 Exposure of Sensitive Data Through Data Queries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19000",
        "datePublished": "2020-04-02T19:49:35.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19002 (GCVE-0-2019-19002)

    Vulnerability from cvelistv5 – Published: 2020-04-02 19:50 – Updated: 2024-08-05 02:02
    VLAI
    Title
    ABB eSOMS X-XSS-Protection not enabled
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
    CWE
    • CWE-16 - Configuration
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:50:02.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ABB eSOMS X-XSS-Protection not enabled",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19002",
              "STATE": "PUBLIC",
              "TITLE": "ABB eSOMS X-XSS-Protection not enabled"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19002",
        "datePublished": "2020-04-02T19:50:02.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19001 (GCVE-0-2019-19001)

    Vulnerability from cvelistv5 – Published: 2020-04-02 19:49 – Updated: 2024-08-05 02:02
    VLAI
    Title
    eSOMS X-FrameOption
    Summary
    For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB eSOMS Affected: 4.0 to 6.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eSOMS",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-02T19:49:55.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "eSOMS X-FrameOption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19001",
              "STATE": "PUBLIC",
              "TITLE": "eSOMS X-FrameOption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eSOMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 to 6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow \u0027ClickJacking\u0027 attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-16 Configuration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19001",
        "datePublished": "2020-04-02T19:49:55.000Z",
        "dateReserved": "2019-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }