54 vulnerabilities found for esoms by hitachienergy
VAR-201808-0397
Vulnerability from variot - Updated: 2024-11-23 22:45
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication and specific key values are present in the eSOMS web.config file. Both conditions are required to exploit this vulnerability, so a deployment in which LDAP anonymous authentication is disabled is not exposed through this path; the vendor advisory ABBVU-PGGA-2018030, linked in the record below, describes the remediation. ABB eSOMS contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB eSOMS is a factory operations management system from the Swiss company ABB.
ABB eSOMS version 6.0.2 has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. (The aggregated sources word the issue differently: the record below maps it to CWE-287, improper authentication, while one source labels it an authorization issue.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "eq",
"trust": 2.3,
"vendor": "abb",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14805",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14805",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14805",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125001",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-240-04",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-14805",
"trust": 3.4
},
{
"db": "BID",
"id": "105169",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98908",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-125001",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"id": "VAR-201808-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 1.4258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
}
]
},
"last_update_date": "2024-11-23T22:45:15.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018030",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-04"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105169"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14805"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2018-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"date": "2018-08-29T16:29:00.217000",
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"date": "2024-11-21T03:49:50.063000",
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
}
}
VAR-202004-0858
Vulnerability from variot - Updated: 2024-11-23 21:35
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS has a weak password requirements vulnerability (CWE-521 in the record below). Information may be obtained and tampered with. ABB eSOMS is a factory operations management system from the Swiss company ABB. An attacker could exploit this vulnerability to gain access.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
}
]
},
"cve": "CVE-2019-19093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19093",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19562",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151505",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19093",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151505",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19093",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19562",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "176B77D1-77AD-47C4-84BE-1B3053F8392C",
"trust": 0.2
},
{
"db": "IVD",
"id": "38DFBFD7-D2E5-4AAB-B361-EED6A4A18CCD",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151505",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"id": "VAR-202004-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
]
},
"last_update_date": "2024-11-23T21:35:58.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211047"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19093"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19093"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"date": "2020-04-02T20:15:14.940000",
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"date": "2024-11-21T04:34:11.277000",
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Weak password vulnerability",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 1.0
}
}
VAR-202004-0853
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting. Note that a missing HttpOnly flag does not by itself introduce script injection; it means that any script running in the page, including one injected through a cross-site scripting flaw, can read the cookie. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operations management system from the Swiss company ABB.
ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
]
},
"cve": "CVE-2019-19003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19003",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19003",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19003",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015253",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19566",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19003",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19566",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B8FF984B-8752-4A47-AC75-7EB69E8E792D",
"trust": 0.2
},
{
"db": "IVD",
"id": "3F144945-21D7-4C04-88A4-23B9959852A0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"id": "VAR-202004-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
}
]
},
"last_update_date": "2024-11-23T21:35:58.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211039"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19003"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"date": "2020-04-02T20:15:14.097000",
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"date": "2024-11-21T04:33:58.477000",
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
}
}
VAR-202004-0868
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as a content type other than the one declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS contains an injection vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB. The vulnerability stems from the lack of the X-Content-Type-Options header in the HTTP response; sending `X-Content-Type-Options: nosniff` tells browsers not to MIME-sniff a response away from its declared Content-Type. An attacker can use this vulnerability to execute unauthorized code.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
}
]
},
"cve": "CVE-2019-19089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19089",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19567",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151500",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19089",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015254",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015254",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19089"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19089",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19567",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "9F1A70B1-8EF2-4562-83A9-AC88340B0794",
"trust": 0.2
},
{
"db": "IVD",
"id": "733EDC59-907E-4D35-8EBB-75DEADC436D1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151500",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"id": "VAR-202004-0868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
}
]
},
"last_update_date": "2024-11-23T21:35:58.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19567)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211043"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112326"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-436",
"trust": 1.1
},
{
"problemtype": "CWE-94",
"trust": 1.1
},
{
"problemtype": "CWE-16",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19089"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19089"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"db": "VULHUB",
"id": "VHN-151500"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "9f1a70b1-8ef2-4562-83a9-ac88340b0794"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "733edc59-907e-4d35-8ebb-75deadc436d1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"date": "2020-04-02T20:15:14.423000",
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19567"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-151500"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015254"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-807"
},
{
"date": "2024-11-21T04:34:10.793000",
"db": "NVD",
"id": "CVE-2019-19089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Injection vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015254"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-807"
}
],
"trust": 0.6
}
}
VAR-202004-0859
Vulnerability from variot - Updated: 2024-11-23 21:35
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to carry out SQL injection attacks against the backend database. ABB eSOMS contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from the database-backed application not validating externally supplied input used in SQL statements. Attackers can use this vulnerability to execute illegal SQL commands. The aggregated sources in the record below do not agree on scoring: NVD rates the issue 7.6 (CVSS 3.1, low privileges required) and 6.5 (CVSS 2.0, single authentication), while CNVD rates it 7.8 (CVSS 2.0, no authentication), so compare the vector strings before using a single score for prioritisation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "3.9"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "3.9 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
}
]
},
"cve": "CVE-2019-19094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-19094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17170",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19094",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015259",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151506",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. ABB eSOMS To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19094",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17170",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "70EA6001-AE3E-4CE3-AB25-A33D786D1379",
"trust": 0.2
},
{
"db": "IVD",
"id": "4613DF6F-8AC8-42DA-9F71-55237DEE5239",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151506",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"id": "VAR-202004-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
}
]
},
"last_update_date": "2024-11-23T21:35:58.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208957"
},
{
"title": "ABB eSOMS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19094"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "VULHUB",
"id": "VHN-151506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"date": "2020-04-02T20:15:15.017000",
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151506"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015259"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-800"
},
{
"date": "2024-11-21T04:34:11.393000",
"db": "NVD",
"id": "CVE-2019-19094"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17170"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "70ea6001-ae3e-4ce3-ab25-a33d786d1379"
},
{
"db": "IVD",
"id": "4613df6f-8ac8-42da-9f71-55237dee5239"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-800"
}
],
"trust": 1.0
}
}
VAR-202004-0852
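Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of cross-site scripting. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB. The aggregated sources in the record below do not agree on scoring: NVD rates the issue 5.4 and ABB 6.3 (both CVSS 3.1, low privileges and user interaction required), while CNVD rates it 8.5 (CVSS 2.0, no authentication), so compare the vector strings before using a single score for prioritisation.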
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
}
]
},
"cve": "CVE-2019-19002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19002",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19565",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151405",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2019-19002",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2019-19002",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015252",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19002",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151405",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19002"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19002",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19565",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CF8EE712-306F-4E13-AC79-76FE31F5ECDD",
"trust": 0.2
},
{
"db": "IVD",
"id": "36CB39CF-844F-4BC2-AEB5-60BF5A28B69C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151405",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"id": "VAR-202004-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
}
]
},
"last_update_date": "2024-11-23T21:35:58.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19565)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211037"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112332"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19002"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"db": "VULHUB",
"id": "VHN-151405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cf8ee712-306f-4e13-ac79-76fe31f5ecdd"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "36cb39cf-844f-4bc2-aeb5-60bf5a28b69c"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"date": "2020-04-02T20:15:14.003000",
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19565"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151405"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015252"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-812"
},
{
"date": "2024-11-21T04:33:58.357000",
"db": "NVD",
"id": "CVE-2019-19002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ABB eSOMS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-812"
}
],
"trust": 0.6
}
}
VAR-202004-0857
Vulnerability from variot - Updated: 2024-11-23 21:35
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without a Message Authentication Code (MAC). Without a MAC the server cannot verify that the Viewstate it receives is the one it issued, so alterations to Viewstate might not be noticed. ABB eSOMS contains a vulnerability related to missing authentication for a critical function. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
}
]
},
"cve": "CVE-2019-19092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19092",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17161",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2019-19092",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015257",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19092",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015257",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-17161",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151504",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. ABB eSOMS There is a vulnerability in the lack of authentication for critical features.Information may be obtained. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an identity information verification error vulnerability that an attacker can use to change the Viewstate",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19092"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19092",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17161",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "16C818D0-6316-4D81-AEBC-CC619B40361E",
"trust": 0.2
},
{
"db": "IVD",
"id": "F45F88DD-73BA-4DD3-B85C-1B8D50809BF4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151504",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"id": "VAR-202004-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
]
},
"last_update_date": "2024-11-23T21:35:58.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS Identity Information Verification Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208951"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112320"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19092"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"db": "VULHUB",
"id": "VHN-151504"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"date": "2020-04-02T20:15:14.877000",
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17161"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151504"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015257"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-804"
},
{
"date": "2024-11-21T04:34:11.157000",
"db": "NVD",
"id": "CVE-2019-19092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Identity information verification error vulnerability",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNVD",
"id": "CNVD-2020-17161"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "16c818d0-6316-4d81-aebc-cc619b40361e"
},
{
"db": "IVD",
"id": "f45f88dd-73ba-4dd3-b85c-1b8d50809bf4"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-804"
}
],
"trust": 1.0
}
}
VAR-202004-0861
Vulnerability from variot - Updated: 2024-11-23 21:35
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS contains an insufficiently protected credentials vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
}
]
},
"cve": "CVE-2019-19096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19096",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17172",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-151508",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-19096",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015248",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151508",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality. ABB eSOMS Exists in an inadequate protection of credentials.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19096",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17172",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "798258FB-844E-4E7B-B6D9-0B8A76988A66",
"trust": 0.2
},
{
"db": "IVD",
"id": "6494B1E2-A483-4DB1-A27A-DCD10EA046ED",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151508",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"id": "VAR-202004-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
}
]
},
"last_update_date": "2024-11-23T21:35:55.047000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208953"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112310"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.9
},
{
"problemtype": "CWE-257",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"db": "VULHUB",
"id": "VHN-151508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"date": "2020-04-02T20:15:15.143000",
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17172"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151508"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015248"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-795"
},
{
"date": "2024-11-21T04:34:11.627000",
"db": "NVD",
"id": "CVE-2019-19096"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability regarding inadequate protection of credentials in ABB eSOMS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015248"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "798258fb-844e-4e7b-b6d9-0b8a76988a66"
},
{
"db": "IVD",
"id": "6494b1e2-a483-4db1-a27a-dcd10ea046ed"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-795"
}
],
"trust": 1.0
}
}
VAR-202004-0855
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Without the Secure flag, the browser will also send the cookie over unencrypted connections, making the cookie information susceptible to eavesdropping. ABB eSOMS contains a vulnerability related to the lack of encryption of critical data. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. An attacker can use this vulnerability to obtain cookie information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
}
]
},
"cve": "CVE-2019-19090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19090",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-151502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2019-19090",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015255",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19090",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2019-015255",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-19561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-151502",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS contains a vulnerability related to the lack of encryption of critical data. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. An attacker can use this vulnerability to obtain cookie information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19090"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19090",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19561",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "CD49A2ED-01DC-4E1E-AC5D-844ED81C8479",
"trust": 0.2
},
{
"db": "IVD",
"id": "360F58FD-3BB0-4C6E-8F10-BD08EE40C271",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151502",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"id": "VAR-202004-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
}
]
},
"last_update_date": "2024-11-23T21:35:55.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211045"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112324"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19090"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"db": "VULHUB",
"id": "VHN-151502"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"date": "2020-04-02T20:15:14.737000",
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19561"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151502"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015255"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-806"
},
{
"date": "2024-11-21T04:34:10.913000",
"db": "NVD",
"id": "CVE-2019-19090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability regarding lack of encryption of critical data in ABB eSOMS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "cd49a2ed-01dc-4e1e-ac5d-844ed81c8479"
},
{
"db": "IVD",
"id": "360f58fd-3bb0-4c6e-8f10-bd08ee40c271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-806"
}
],
"trust": 1.0
}
}
VAR-202004-0850
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS contains an information leakage vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header and some old browsers do not support Content Security Policy. Note that this second paragraph describes a missing X-XSS-Protection header rather than the Cache-Control and Pragma caching issue described above; the two descriptions appear to have been merged from different source databases and should be checked against the vendor advisory.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0850",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
}
]
},
"cve": "CVE-2019-19000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19000",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17168",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151403",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19000",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015250",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015250",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17168",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151403",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. ABB eSOMS contains an information leakage vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB. \n\r\n\r\nABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the web server's response not setting the X-XSS-Protection HTTP response header, and some old browsers do not support Content Security Policy",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19000"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19000",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17168",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "A9521391-8CD5-4D08-97AD-C61DF08347CF",
"trust": 0.2
},
{
"db": "IVD",
"id": "B83DA059-72A8-4A49-8F12-C32942EA1A67",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151403",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"id": "VAR-202004-0850",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
}
]
},
"last_update_date": "2024-11-23T21:35:54.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208961"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
},
{
"problemtype": "CWE-202",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19000"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19000"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "VULHUB",
"id": "VHN-151403"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"date": "2020-04-02T20:15:13.863000",
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151403"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015250"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-817"
},
{
"date": "2024-11-21T04:33:58.133000",
"db": "NVD",
"id": "CVE-2019-19000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a9521391-8cd5-4d08-97ad-c61df08347cf"
},
{
"db": "IVD",
"id": "b83da059-72a8-4a49-8f12-c32942ea1a67"
},
{
"db": "CNVD",
"id": "CNVD-2020-17168"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-817"
}
],
"trust": 0.6
}
}
VAR-202004-0862
Vulnerability from variot - Updated: 2024-11-23 21:35
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop on and/or intercept the connection. ABB eSOMS contains a cryptographic strength vulnerability. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0862",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
}
]
},
"cve": "CVE-2019-19097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19097",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19563",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19097",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2019-19097",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015249",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19097",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015249",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19563",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop on and/or intercept the connection. ABB eSOMS contains a cryptographic strength vulnerability. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19097",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19563",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "043041AB-7AC2-4228-B18B-C9AB72A51AA1",
"trust": 0.2
},
{
"db": "IVD",
"id": "53F47CCD-AF62-4DC3-8AF3-BFCB64BCD5F1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151509",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"id": "VAR-202004-0862",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
}
]
},
"last_update_date": "2024-11-23T21:35:54.931000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS encryption problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211051"
},
{
"title": "ABB eSOMS Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "VULHUB",
"id": "VHN-151509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "043041ab-7ac2-4228-b18b-c9ab72a51aa1"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "53f47ccd-af62-4dc3-8af3-bfcb64bcd5f1"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"date": "2020-04-02T20:15:15.253000",
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151509"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015249"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-793"
},
{
"date": "2024-11-21T04:34:11.743000",
"db": "NVD",
"id": "CVE-2019-19097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS encryption problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19563"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-793"
}
],
"trust": 0.6
}
}
VAR-202004-0856
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to tailor an attack. ABB eSOMS contains an information leakage vulnerability. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from configuration errors in the network system or product during operation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
}
]
},
"cve": "CVE-2019-19091",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-19091",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17169",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151503",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19091",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015256",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19091",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015256",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151503",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to craft a targeted attack. ABB eSOMS contains an information leakage vulnerability. Information may be obtained. ABB eSOMS is a plant operations management system from the Swiss company ABB. The vulnerability stems from network system or product configuration errors during operation.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19091"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19091",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17169",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "5F6157C0-9364-49C7-8195-32FEF00C5E5E",
"trust": 0.2
},
{
"db": "IVD",
"id": "5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151503",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"id": "VAR-202004-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
}
]
},
"last_update_date": "2024-11-23T21:35:54.893000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208959"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112322"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
},
{
"problemtype": "CWE-202",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19091"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"db": "VULHUB",
"id": "VHN-151503"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5f6157c0-9364-49c7-8195-32fef00c5e5e"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"date": "2020-04-02T20:15:14.817000",
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17169"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151503"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015256"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-805"
},
{
"date": "2024-11-21T04:34:11.033000",
"db": "NVD",
"id": "CVE-2019-19091"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information leakage vulnerability in ABB eSOMS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-805"
}
],
"trust": 0.6
}
}
VAR-202004-0851
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP responses. This can potentially allow 'ClickJacking' attacks, where an attacker frames parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS is vulnerable to improper restriction of rendered user interface layers or frames (CWE-1021). Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
}
]
},
"cve": "CVE-2019-19001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19564",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19001",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015251",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19001",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19564",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP responses. This can potentially allow \u0027ClickJacking\u0027 attacks, where an attacker frames parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS is vulnerable to improper restriction of rendered user interface layers or frames. Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19001"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19001",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19564",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B3BC4F61-5293-4F8A-8374-A16D93D111FF",
"trust": 0.2
},
{
"db": "IVD",
"id": "FB967C1B-5C46-4015-BACE-1D398B4EB40D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151404",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"id": "VAR-202004-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
}
]
},
"last_update_date": "2024-11-23T21:35:54.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211035"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112334"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.8
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19001"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19001"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"db": "VULHUB",
"id": "VHN-151404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"date": "2020-04-02T20:15:13.940000",
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19564"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151404"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015251"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-814"
},
{
"date": "2024-11-21T04:33:58.243000",
"db": "NVD",
"id": "CVE-2019-19001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper restriction of rendered user interface layers or frames in ABB eSOMS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "b3bc4f61-5293-4f8a-8374-a16d93d111ff"
},
{
"db": "IVD",
"id": "fb967c1b-5c46-4015-bace-1d398b4eb40d"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-814"
}
],
"trust": 1.0
}
}
VAR-202004-0860
Vulnerability from variot - Updated: 2024-11-23 21:35
Lack of adequate input/output validation in ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. ABB eSOMS is a plant operations management system from the Swiss company ABB. The vulnerability stems from the web application's lack of proper validation of client-supplied data. Attackers can use this vulnerability to execute code on the client side.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
}
]
},
"cve": "CVE-2019-19095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19095",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17171",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151507",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2019-19095",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015245",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015245",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17171",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151507",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19095",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17171",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "8A7ABFC8-13A1-4324-8D1B-8FEE43EC6954",
"trust": 0.2
},
{
"db": "IVD",
"id": "31776109-1203-4CAF-B9D6-C8078168A94D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151507",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"id": "VAR-202004-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
}
]
},
"last_update_date": "2024-11-23T21:35:54.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208955"
},
{
"title": "ABB eSOMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "VULHUB",
"id": "VHN-151507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"date": "2020-04-02T20:15:15.067000",
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151507"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015245"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-799"
},
{
"date": "2024-11-21T04:34:11.510000",
"db": "NVD",
"id": "CVE-2019-19095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8a7abfc8-13a1-4324-8d1b-8fee43ec6954"
},
{
"db": "IVD",
"id": "31776109-1203-4caf-b9d6-c8078168a94d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17171"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-799"
}
],
"trust": 0.6
}
}
VAR-202106-1440
Vulnerability from variot - Updated: 2024-08-14 14:20
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0"
},
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1.4"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.1"
},
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.4.2.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 that\u0027s all 6.0.4.2.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.1 that\u0027s all 6.1.4"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"cve": "CVE-2021-26845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-26845",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-386007",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-26845",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-012369",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-26845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-26845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-26845",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-386007",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26845"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26845",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-077-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96655623",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0971",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-386007",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"id": "VAR-202106-1440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
}
],
"trust": 0.8258065
},
"last_update_date": "2024-08-14T14:20:24.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eSOMS\u00a0Report\u00a0Function\u00a0Vulnerability",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "ABB eSOMS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144710"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96655623/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0971"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107991a8942\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386007"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"date": "2021-06-14T22:15:08.550000",
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-386007"
},
{
"date": "2022-08-30T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-012369"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1168"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2021-26845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0eSOMS\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1168"
}
],
"trust": 0.6
}
}
VAR-202107-1226
Vulnerability from variot - Updated: 2024-08-14 12:37
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects Hitachi ABB Power Grids eSOMS version 6.3 and prior versions (CWE-522, CVE-2021-35527). Password information may be stolen by a third party who has compromised the system, or by a third party who exploits a cross-site scripting (XSS) vulnerability in another application. Pillow is a Python-based image processing library (this sentence does not concern eSOMS and appears to have been carried over from an unrelated record). There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. eSOMS is a shift operation management system for the power generation industry.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.3.1"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acbabb\u30d1\u30ef\u30fc\u30b0\u30ea\u30c3\u30c9\u793e",
"version": null
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acbabb\u30d1\u30ef\u30fc\u30b0\u30ea\u30c3\u30c9\u793e",
"version": "6.3 and all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi ABB Power Grids reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
}
],
"trust": 0.6
},
"cve": "CVE-2021-35527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-35527",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-395860",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-35527",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002244",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2021-35527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002244",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1028",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-395860",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-35527",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. (CWE-522 , CVE-2021-35527) .Cross-site scripting in a third party or other application that has compromised your system XSS Password information may be stolen by a third party who exploits the vulnerability in). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A shift operation management system for the power generation industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35527",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-210-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98329583",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021073001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2582",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395860",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-35527",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"id": "VAR-202107-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:37:54.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity\u00a0Advisory",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107992a0957\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98329583/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2582"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021073001"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107992a0957\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395860"
},
{
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-395860"
},
{
"date": "2021-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"date": "2021-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-14T14:15:08.937000",
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-395860"
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35527"
},
{
"date": "2021-08-03T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-002244"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-05-16T20:21:29.777000",
"db": "NVD",
"id": "CVE-2021-35527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0ABB\u00a0Power\u00a0Grids\u00a0 Made \u00a0eSOMS\u00a0 Credentials are not adequately protected",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
CVE-2023-5516 (GCVE-0-2023-5516)
Vulnerability from nvd – Published: 2023-11-01 02:54 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:51.563697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:39.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPoorly constructed web application requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints,\nbackend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"value": "\nPoorly constructed web application requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints,\nbackend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:54:21.225Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5516",
"datePublished": "2023-11-01T02:54:21.225Z",
"dateReserved": "2023-10-11T01:30:14.840Z",
"dateUpdated": "2025-02-27T20:36:39.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5515 (GCVE-0-2023-5515)
Vulnerability from nvd – Published: 2023-11-01 02:49 – Updated: 2025-02-27 20:36
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:57.835378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:46.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:49:08.085Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5515",
"datePublished": "2023-11-01T02:49:08.085Z",
"dateReserved": "2023-10-11T01:30:12.236Z",
"dateUpdated": "2025-02-27T20:36:46.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5514 (GCVE-0-2023-5514)
Vulnerability from nvd – Published: 2023-11-01 02:40 – Updated: 2025-02-27 20:36
- CWE-209 - Generation of Error Message Containing Sensitive Information

| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0, ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:59.290872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:52.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:40:53.285Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5514",
"datePublished": "2023-11-01T02:40:53.285Z",
"dateReserved": "2023-10-11T01:30:06.720Z",
"dateUpdated": "2025-02-27T20:36:52.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35527 (GCVE-0-2021-35527)
Vulnerability from nvd – Published: 2021-07-14 13:15 – Updated: 2024-09-16 23:01
- CWE-200 - Information Exposure

| Vendor | Product | Version |
|---|---|---|
| Hitachi ABB Power Grids | eSOMS | Affected: unspecified, ≤ 6.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "Hitachi ABB Power Grids",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T19:09:10",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"title": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application",
"workarounds": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachi-powergrids.com",
"DATE_PUBLIC": "2021-07-14T12:00:00.000Z",
"ID": "CVE-2021-35527",
"STATE": "PUBLIC",
"TITLE": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "Hitachi ABB Power Grids"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35527",
"datePublished": "2021-07-14T13:15:37.070135Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T23:01:49.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26845 (GCVE-0-2021-26845)
Vulnerability from nvd – Published: 2021-06-14 21:25 – Updated: 2024-09-16 18:23
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T21:25:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
},
"title": "eSOMS Report Function Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-03-08T11:00:00.000Z",
"ID": "CVE-2021-26845",
"STATE": "PUBLIC",
"TITLE": "eSOMS Report Function Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26845",
"datePublished": "2021-06-14T21:25:40.617368Z",
"dateReserved": "2021-02-07T00:00:00",
"dateUpdated": "2024-09-16T18:23:30.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19097 (GCVE-0-2019-19097)
Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:26",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SSL medium strength Cipher Suites",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19097",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SSL medium strength Cipher Suites"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19097",
"datePublished": "2020-04-02T19:48:26",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19096 (GCVE-0-2019-19096)
Vulnerability from nvd – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09

- CWE-257 - Storing Passwords in a Recoverable Format
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:48:02",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: REDIS clear text credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19096",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: REDIS clear text credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "6.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19096",
"datePublished": "2020-04-02T19:48:02",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19095 (GCVE-0-2019-19095)
Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09

- CWE-20 - Improper Input Validation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0 to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:46",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: Stored XSS vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19095",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: Stored XSS vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "4.0 to 6.0.2"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19095",
"datePublished": "2020-04-02T19:47:46",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19094 (GCVE-0-2019-19094)
Vulnerability from nvd – Published: 2020-04-02 19:47 – Updated: 2024-08-05 02:09

- CWE-89 - SQL Injection
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.9 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:47:32",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ABB eSOMS: SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19094",
"STATE": "PUBLIC",
"TITLE": "ABB eSOMS: SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_value": "3.9 to 6.0.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19094",
"datePublished": "2020-04-02T19:47:32",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5516 (GCVE-0-2023-5516)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:54 – Updated: 2025-02-27 20:36

- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0 , ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:51.563697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:39.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:54:21.225Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5516",
"datePublished": "2023-11-01T02:54:21.225Z",
"dateReserved": "2023-10-11T01:30:14.840Z",
"dateUpdated": "2025-02-27T20:36:39.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5515 (GCVE-0-2023-5515)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:49 – Updated: 2025-02-27 20:36

- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0 , ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:57.835378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:46.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:49:08.085Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5515",
"datePublished": "2023-11-01T02:49:08.085Z",
"dateReserved": "2023-10-11T01:30:12.236Z",
"dateUpdated": "2025-02-27T20:36:46.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5514 (GCVE-0-2023-5514)
Vulnerability from cvelistv5 – Published: 2023-11-01 02:40 – Updated: 2025-02-27 20:36

- CWE-209 - Generation of Error Message Containing Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | eSOMS | Affected: 6.0 , ≤ 6.3.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:59.290872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:52.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSOMS",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "6.3.13",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T02:40:53.285Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-5514",
"datePublished": "2023-11-01T02:40:53.285Z",
"dateReserved": "2023-10-11T01:30:06.720Z",
"dateUpdated": "2025-02-27T20:36:52.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35527 (GCVE-0-2021-35527)
Vulnerability from cvelistv5 – Published: 2021-07-14 13:15 – Updated: 2024-09-16 23:01

- CWE-200 - Information Exposure
| Vendor | Product | Version |
|---|---|---|
| Hitachi ABB Power Grids | eSOMS | Affected: unspecified , ≤ 6.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eSOMS",
"vendor": "Hitachi ABB Power Grids",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T19:09:10",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"title": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application",
"workarounds": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachi-powergrids.com",
"DATE_PUBLIC": "2021-07-14T12:00:00.000Z",
"ID": "CVE-2021-35527",
"STATE": "PUBLIC",
"TITLE": "Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSOMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "Hitachi ABB Power Grids"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is remediated in eSOMS version 6.3.1."
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security best practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include ensuring critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall. Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented. Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing E-Mails or malicious web pages."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35527",
"datePublished": "2021-07-14T13:15:37.070135Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T23:01:49.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26845 (GCVE-0-2021-26845)
Vulnerability from cvelistv5 – Published: 2021-06-14 21:25 – Updated: 2024-09-16 18:23
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T21:25:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
},
"title": "eSOMS Report Function Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-03-08T11:00:00.000Z",
"ID": "CVE-2021-26845",
"STATE": "PUBLIC",
"TITLE": "eSOMS Report Function Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "The problem is corrected in the following product versions:\neSOMS version 6.0.4.2.2\neSOMS version 6.1.4\neSOMS version 6.3\nHitachi ABB Power Grids recommends that customers apply the update as soon as possible."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26845",
"datePublished": "2021-06-14T21:25:40.617368Z",
"dateReserved": "2021-02-07T00:00:00",
"dateUpdated": "2024-09-16T18:23:30.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}