159 vulnerabilities by hitachienergy
VAR-202211-1392
Vulnerability from variot - Updated: 2025-07-24 23:56
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch administrator-level remote code execution irrespective of that user's role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications, industrial power management, etc. An attacker could exploit this vulnerability to execute code remotely. Note that the CVSS vectors recorded below for this entry all rate the attack vector as Local (AV:L), and that the vendor and NVD v3.1 base scores differ (8.8 with changed scope versus 7.8 with unchanged scope).
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.3.1"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.2.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.2"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.1"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.4"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.4"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.0"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.3"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10.1.1"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.2"
},
{
"model": "microscada x sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "10"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.4"
},
{
"model": "microscada pro sys600 9.4:fixpack 1",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "microscada pro sys600 9.4:fixpack 2",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "microscada pro sys600",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=9.3"
},
{
"model": "microscada pro sys600",
"scope": "gte",
"trust": 0.6,
"vendor": "abb",
"version": "10.0,\u003c=10.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"cve": "CVE-2022-3388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-86331",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2022-3388",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-3388",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2022-3388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-3388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-86331",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3240",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. An attacker could exploit this vulnerability to execute code remotely",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3388"
},
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3388",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-86331",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"id": "VAR-202211-1392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
]
},
"last_update_date": "2025-07-24T23:56:05.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ABB MicroSCADA Pro SYS600 Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/367091"
},
{
"title": "ABB MicroSCADA Pro SYS600 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215569"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://search.abb.com/library/download.aspx?documentid=8dbd000123\u0026languagecode=en\u0026documentpartid=\u0026action=launch\u0026elqaid=4293\u0026elqat=1"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3388/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"date": "2022-11-21T19:15:13.353000",
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86331"
},
{
"date": "2022-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3240"
},
{
"date": "2025-07-23T21:15:25.387000",
"db": "NVD",
"id": "CVE-2022-3388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86331"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3240"
}
],
"trust": 0.6
}
}
VAR-201710-0696
Vulnerability from variot - Updated: 2025-04-20 23:34
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. ABB Fox515T contains an information disclosure vulnerability. Information may be obtained. The ABB Fox515T is a versatile optical transmission device from ABB Switzerland. Embedded web server is one of the embedded web servers.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0696",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fox515t",
"scope": "eq",
"trust": 1.4,
"vendor": "abb",
"version": "1.0"
},
{
"model": "fox515t",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "r.1.0_ics10"
},
{
"model": "fox515t",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "r.1.0_ics10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fox515t",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:fox515t_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
}
]
},
"cve": "CVE-2017-15583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-15583",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-33793",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-106420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-15583",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15583",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-15583",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33793",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-632",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "VULHUB",
"id": "VHN-106420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. ABB Fox515T Contains an information disclosure vulnerability.Information may be obtained. The ABBFox 515T is a versatile optical transmission device from ABB Switzerland. Embeddedwebserver is one of the embedded web servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15583"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "VULHUB",
"id": "VHN-106420"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15583",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33793",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522",
"trust": 0.8
},
{
"db": "IVD",
"id": "A28A4AD5-3EC7-4341-BDBB-B5CA6BBB1BD5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-106420",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "VULHUB",
"id": "VHN-106420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"id": "VAR-201710-0696",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "VULHUB",
"id": "VHN-106420"
}
],
"trust": 1.54285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
}
]
},
"last_update_date": "2025-04-20T23:34:17.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB-VU-PGGA-1KHW028693",
"trust": 0.8,
"url": "http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://search-ext.abb.com/library/download.aspx?documentid=1khw028693\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15583"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15583"
},
{
"trust": 0.1,
"url": "http://search-ext.abb.com/library/download.aspx?documentid=1khw028693\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "VULHUB",
"id": "VHN-106420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"db": "VULHUB",
"id": "VHN-106420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "IVD",
"id": "a28a4ad5-3ec7-4341-bdbb-b5ca6bbb1bd5"
},
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"date": "2017-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-106420"
},
{
"date": "2017-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"date": "2017-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"date": "2017-10-18T08:29:00.247000",
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33793"
},
{
"date": "2017-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-106420"
},
{
"date": "2017-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009522"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-632"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-15583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Fox515T Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009522"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-632"
}
],
"trust": 0.6
}
}
VAR-201712-0121
Vulnerability from variot - Updated: 2025-04-20 23:34
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. ABB Ellipse contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Ellipse is an EAM software application for asset-intensive industries. ABB Ellipse has an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0121",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ellipse",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "8.9.0"
},
{
"model": "ellipse",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "8.3.0"
},
{
"model": "ellipse",
"scope": "gte",
"trust": 0.8,
"vendor": "abb",
"version": "8.3\u003c=8.9"
},
{
"model": "ellipse",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "ellipse select",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.9"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.8"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.7"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.6"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.5"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.4"
},
{
"model": "ellipse",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "8.3"
},
{
"model": "ellipse release",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.9.67"
},
{
"model": "ellipse release",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.8.127"
},
{
"model": "ellipse release",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.7.187"
},
{
"model": "ellipse release",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.6.215"
},
{
"model": "ellipse release",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.5.267"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "BID",
"id": "102224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:ellipse",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
}
],
"trust": 0.6
},
"cve": "CVE-2017-16731",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2017-16731",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-37702",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-107683",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-16731",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16731",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16731",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-746",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107683",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "VULHUB",
"id": "VHN-107683"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. ABB Ellipse contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Ellipse is an EAM software application for asset-intensive industries. ABB Ellipse has an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16731"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "BID",
"id": "102224"
},
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-107683"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16731",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-01",
"trust": 3.4
},
{
"db": "BID",
"id": "102224",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-37702",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E01D40-39AB-11E9-934F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-107683",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "VULHUB",
"id": "VHN-107683"
},
{
"db": "BID",
"id": "102224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"id": "VAR-201712-0121",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "VULHUB",
"id": "VHN-107683"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
}
]
},
"last_update_date": "2025-04-20T23:34:15.656000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://new.abb.com/"
},
{
"title": "ABB Ellipse information leaking hole patch patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111305"
},
{
"title": "ABB Ellipse Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77238"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-523",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107683"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16731"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16731"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/102224"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "VULHUB",
"id": "VHN-107683"
},
{
"db": "BID",
"id": "102224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"db": "VULHUB",
"id": "VHN-107683"
},
{
"db": "BID",
"id": "102224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "IVD",
"id": "e2e01d40-39ab-11e9-934f-000c29342cb1"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-107683"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102224"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"date": "2017-12-20T19:29:00.287000",
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37702"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107683"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102224"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011780"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-746"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-16731"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Ellipse Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-746"
}
],
"trust": 0.6
}
}
VAR-201711-0413
Vulnerability from variot - Updated: 2025-04-20 23:03
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server. FOX515 is a universal communication platform based on TDM technology (time division multiplexing). ABB FOX515T is prone to a local information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. ABB FOX515T 1.0 is vulnerable; other versions may also be affected. ABB FOX515T is a multi-functional optical transmission device produced by the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0413",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fox515t",
"scope": "eq",
"trust": 2.3,
"vendor": "abb",
"version": "1.0"
},
{
"model": "fox515t",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fox515t",
"version": "1.0"
}
],
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:fox515t_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ketan Bali",
"sources": [
{
"db": "BID",
"id": "101662"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-32177",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-104706",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-14025",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14025",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-14025",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-32177",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104706",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "VULHUB",
"id": "VHN-104706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server. FOX515 is a universal communication platform based on TDM technology (time division multiplexing). ABB FOX515T is prone to a local information-disclosure vulnerability. \nSuccessful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. \nABB FOX515T 1.0 is vulnerable; other versions may also be affected. ABB FOX515T is a multi-functional optical transmission device produced by the Swiss company ABB",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14025"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "VULHUB",
"id": "VHN-104706"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14025",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-304-01",
"trust": 3.4
},
{
"db": "BID",
"id": "101662",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-32177",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949",
"trust": 0.8
},
{
"db": "IVD",
"id": "094D9C9B-CA7A-44FD-9D10-0883F57157AA",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-104706",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "VULHUB",
"id": "VHN-104706"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"id": "VAR-201711-0413",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "VULHUB",
"id": "VHN-104706"
}
],
"trust": 1.54285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
}
]
},
"last_update_date": "2025-04-20T23:03:58.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-304-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14025"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14025"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "VULHUB",
"id": "VHN-104706"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"db": "VULHUB",
"id": "VHN-104706"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-01T00:00:00",
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"date": "2017-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-104706"
},
{
"date": "2017-10-31T00:00:00",
"db": "BID",
"id": "101662"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"date": "2017-11-06T22:29:00.303000",
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32177"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-104706"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101662"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009949"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1250"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "101662"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB FOX515T Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "CNVD",
"id": "CNVD-2017-32177"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "094d9c9b-ca7a-44fd-9d10-0883f57157aa"
},
{
"db": "BID",
"id": "101662"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1250"
}
],
"trust": 1.1
}
}
VAR-202312-0757
Vulnerability from variot - Updated: 2025-02-14 23:17
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. A cross-site scripting vulnerability exists in Hitachi Energy products such as rtu520 firmware, rtu530 firmware and rtu540 firmware. Information may be obtained and information may be tampered with. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0757",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu520",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu560",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu530",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu540",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.2.1,\u003c=12.2.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.4.1,\u003c=12.4.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.6.1,\u003c=12.6.9"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.7.1,\u003c=12.7.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.2.1,\u003c=13.2.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.4.1,\u003c=13.4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"cve": "CVE-2023-5769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-02739",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5769",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5769",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-5769",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-5769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-5769",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-02739",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. A cross-site scripting vulnerability exists in Hitachi Energy products such as rtu520 firmware, rtu530 firmware, rtu540 firmware, etc. Information may be obtained and information may be tampered with. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5769"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "CNVD",
"id": "CNVD-2025-02739"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5769",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02739",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"id": "VAR-202312-0757",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
}
]
},
"last_update_date": "2025-02-14T23:17:08.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Cross-site Scripting Vulnerability (CNVD-2025-02739)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654821"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000176\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5769"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"date": "2024-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"date": "2023-12-14T17:15:09.920000",
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02739"
},
{
"date": "2024-01-15T02:44:00",
"db": "JVNDB",
"id": "JVNDB-2023-019661"
},
{
"date": "2023-12-18T19:03:54.960000",
"db": "NVD",
"id": "CVE-2023-5769"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Hitachi Energy products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019661"
}
],
"trust": 0.8
}
}
VAR-202312-1753
Vulnerability from variot - Updated: 2025-02-14 23:10
A vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in a buffer overflow and, as a final consequence, in a reboot of an RTU500 CMU. The rtu500 firmware from Hitachi Energy has a classic buffer overflow vulnerability. The product may be put into a denial-of-service (DoS) state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1753",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.12.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.5.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.4.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.12.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.5.1.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.0.1.0 that\u0027s all 12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.7.1.0 that\u0027s all 12.7.7.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.6.1.0 that\u0027s all 12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.2.1.0 that\u0027s all 13.2.7.0"
},
{
"model": "rtu500",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.4.1.0 that\u0027s all 13.4.4.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.2.1.0 that\u0027s all 12.2.12.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.4.1.0 that\u0027s all 12.4.12.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.2.1,\u003c=12.2.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.4.1,\u003c=12.4.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.6.1,\u003c=12.6.9"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.7.1,\u003c=12.7.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.2.1,\u003c=13.2.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1,\u003c=12.0.14"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.4.1,\u003c=13.4.3"
},
{
"model": "energy rtu500 series cmu",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"cve": "CVE-2023-6711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02737",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-6711",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-6711",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in a buffer overflow and, as a final consequence, in a reboot of an RTU500 CMU. The rtu500 firmware from Hitachi Energy has a classic buffer overflow vulnerability. The product may be put into a denial-of-service (DoS) state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6711",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU98968158",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-354-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"id": "VAR-202312-1753",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"last_update_date": "2025-02-14T23:10:23.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654811"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000184\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98968158/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6711"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-6711/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2023-12-19T15:15:09.257000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-12-23T03:23:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2024-09-25T09:15:02.930000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic buffer overflow vulnerability in Hitachi Energy rtu500 firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
}
],
"trust": 0.8
}
}
VAR-202312-1763
Vulnerability from variot - Updated: 2025-02-14 23:09
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. An incomplete or wrong layout of a received APDU frame may cause blocking on the link layer. The cause of the error was endless blocking when reading incoming frames on the link layer with wrong APDU length information or delayed reception of data octets.
Only the communication link of the affected HCI IEC 60870-5-104 is blocked. If the attack sequence stops, communication on the previously attacked link returns to normal. rtu520 firmware, rtu530 firmware, rtu540 firmware etc. Hitachi Energy A cross-site scripting vulnerability exists in the product. Information may be obtained and information may be tampered with. Hitachi Energy RTU500 is a series of industrial control components of Hitachi, Ltd.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1763",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu530",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu560",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu540",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu520",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1,\u003c=12.0.14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"cve": "CVE-2023-5768",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02741",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5768",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-5768",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-5768",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5768",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-5768",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-5768",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-02741",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. \nIncomplete or wrong received APDU frame layout may \ncause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer \nwith wrong length information of APDU or delayed reception \nof data octets. \n\n\nOnly communication link of affected HCI IEC 60870-5-104 \nis blocked. If attack sequence stops the communication to \nthe previously attacked link gets normal again. Affected products include rtu520 firmware, rtu530 firmware, rtu540 firmware, etc. A cross-site scripting vulnerability exists in Hitachi Energy products. Information may be obtained and information may be tampered with. [Note: the cross-site scripting classification appears to conflict with the vendor text above, which describes blocking of the IEC 60870-5-104 communication link (an availability impact); confirm against the vendor advisory before triage.] Hitachi Energy RTU500 is a series of industrial control components of Hitachi, Ltd.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5768"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "CNVD",
"id": "CNVD-2025-02741"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5768",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02741",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"id": "VAR-202312-1763",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
}
]
},
"last_update_date": "2025-02-14T23:09:05.536000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654831"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000176\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5768"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"date": "2024-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"date": "2023-12-04T15:15:07.793000",
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02741"
},
{
"date": "2024-01-11T07:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-018634"
},
{
"date": "2023-12-07T21:02:40.177000",
"db": "NVD",
"id": "CVE-2023-5768"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Hitachi Energy products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018634"
}
],
"trust": 0.8
}
}
VAR-202312-0758
Vulnerability from variot - Updated: 2025-02-14 23:03
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. Affected products include rtu520 firmware, rtu530 firmware, rtu540 firmware, etc. A cross-site scripting vulnerability exists in Hitachi Energy products. Information may be obtained and information may be tampered with. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0758",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.6"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.3"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.6"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.14"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.9"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu530",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu560",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu540",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu520",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1,\u003c=12.0.14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"cve": "CVE-2023-5767",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-02740",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5767",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2023-5767",
"impactScore": 4.7,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-5767",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5767",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-5767",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-5767",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-02740",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to an RDT language file being improperly sanitized. Affected products include rtu520 firmware, rtu530 firmware, rtu540 firmware, etc. A cross-site scripting vulnerability exists in Hitachi Energy products. Information may be obtained and information may be tampered with. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5767"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "CNVD",
"id": "CNVD-2025-02740"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5767",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02740",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"id": "VAR-202312-0758",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
}
]
},
"last_update_date": "2025-02-14T23:03:49.885000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Cross-site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654826"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000176\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"date": "2024-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"date": "2023-12-04T15:15:07.613000",
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02740"
},
{
"date": "2024-01-11T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2023-018626"
},
{
"date": "2023-12-07T17:54:21.037000",
"db": "NVD",
"id": "CVE-2023-5767"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Hitachi Energy products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018626"
}
],
"trust": 0.8
}
}
VAR-202208-1719
Vulnerability from variot - Updated: 2025-02-14 23:00
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function. The following vulnerabilities exist in the RTU500 series provided by Hitachi Energy. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. The vulnerability is reachable when HCI Modbus TCP is enabled and configured; the cause is the missing flood control described above. Hitachi Energy RTU500
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.4"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.4"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.4"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu520",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.3.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.7"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.7"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.7"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.3"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.3"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.13"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.13"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.3"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.13"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu560",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.3.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.4"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu530",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.3.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1"
},
{
"model": "rtu540",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.3.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.7"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.11"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.3"
},
{
"model": "rtu520",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.13"
},
{
"model": "rtu530",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu540",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1"
},
{
"model": "rtu540",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1"
},
{
"model": "rtu560",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.11"
},
{
"model": "rtu520",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1"
},
{
"model": "rtu530",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1"
},
{
"model": "rtu540",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu560",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu530",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu520",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1.0,\u003c=12.0.14.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.2.1.0,\u003c=12.2.11.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.4.1.0,\u003c=12.4.11.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.6.1.0,\u003c=12.6.7.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.7.1.0,\u003c=12.7.3.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.2.1.0,\u003c=13.2.4.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.3.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Energy reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
}
],
"trust": 0.6
},
"cve": "CVE-2022-2081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-02742",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2081",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-2081",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2081",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2022-2081",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2081",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3793",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function. The following vulnerabilities exist in the RTU500 series provided by Hitachi Energy. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. The vulnerability stems from enabling and configuring HCI Modbus TCP. Hitachi Energy RTU500",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2081"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "VULMON",
"id": "CVE-2022-2081"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2081",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-235-07",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVNVU95882646",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02742",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2081",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "VULMON",
"id": "CVE-2022-2081"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"id": "VAR-202208-1719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
}
]
},
"last_update_date": "2025-02-14T23:00:37.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modbus File Write Vulnerability in Hitachi Energy\u2019s RTU500 series Product CVE-2022-2081 (PDF)",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000111\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for Hitachi Energy RTU500 series CMU firmware buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654836"
},
{
"title": "Hitachi Energy RTU500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205284"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-235-07"
},
{
"trust": 1.0,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000111\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-07"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95882646/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "VULMON",
"id": "CVE-2022-2081"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"db": "VULMON",
"id": "CVE-2022-2081"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"date": "2022-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"date": "2024-01-04T10:15:10.927000",
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02742"
},
{
"date": "2024-04-30T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-002340"
},
{
"date": "2022-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3793"
},
{
"date": "2024-09-25T01:15:32.237000",
"db": "NVD",
"id": "CVE-2022-2081"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow vulnerability in RTU500 series made by Hitachi Energy",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3793"
}
],
"trust": 0.6
}
}
VAR-202312-1566
Vulnerability from variot - Updated: 2025-02-14 23:00
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by faking the identity of an RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. RTU500 Scripting interface is part of the Hitachi Energy RTU500 series of industrial control components, mainly used to provide a script programming interface to achieve specific automation control and data processing functions. This interface supports the control of various functions of RTU500 through script programming, including data acquisition, execution of control commands, etc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1566",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.0.2"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.1.1"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.0.1.30"
},
{
"model": "rtu500 scripting interface",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.0.1.30"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.0.2"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.1.1"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.0.1.30"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.0.2"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"cve": "CVE-2023-1514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02738",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-1514",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-1514",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-1514",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-1514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-1514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-1514",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02738",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. RTU500 Scripting interface is part of the Hitachi Energy RTU500 series of industrial control components, mainly used to provide a script programming interface to achieve specific automation control and data processing functions. This interface supports the control of various functions of RTU500 through script programming, including data acquisition, execution of control commands, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-1514"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-1514",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-331-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95579677",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02738",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"id": "VAR-202312-1566",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
]
},
"last_update_date": "2025-02-14T23:00:32.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 Scripting interface\u200c Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654816"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Improper certificate validation (CWE-295) [NVD evaluation]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000152\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95579677/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1514"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-05"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-1514/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"date": "2023-12-19T15:15:08.037000",
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"date": "2024-11-28T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"date": "2023-12-28T17:00:22.227000",
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certificate validation vulnerabilities in Hitachi Energy rtu500 scripting interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
}
],
"trust": 0.8
}
}
VAR-202206-0644
Vulnerability from variot - Updated: 2025-01-30 21:19
An Improper Input Validation vulnerability in a particular configuration setting field of the Hitachi Energy TXpert Hub CoreTec 4 product allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0 and 2.2.1.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0644",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.2.1"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0.1"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.2"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.2.0"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0.0"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.3"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.1"
},
{
"model": "txpert hub coretec 4",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Energy reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
}
],
"trust": 0.6
},
"cve": "CVE-2021-35531",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-35531",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2021-35531",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35531",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-764",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-35531",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35531"
},
{
"db": "VULMON",
"id": "CVE-2021-35531"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35531",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-249-04",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4459",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-764",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-35531",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"id": "VAR-202206-0644",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"industrial device"
],
"sub_category": "transformer",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:19:21.227000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hitachi Energy TXpert Hub CoreTec 4 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243007"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=8dbd000080\u0026languagecode=en\u0026documentpartid=\u0026action=launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_cybersecurity%20advisory%20update_may_03\u0026utm_medium=email\u0026utm_source=eloqua"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-249-04"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35531"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4459"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-35531/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-04"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"date": "2022-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"date": "2022-06-07T21:15:14.720000",
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35531"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-764"
},
{
"date": "2023-06-26T17:58:52.407000",
"db": "NVD",
"id": "CVE-2021-35531"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Energy TXpert Hub CoreTec 4 Operating system command injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-764"
}
],
"trust": 0.6
}
}
VAR-201911-1040
Vulnerability from variot - Updated: 2024-11-23 23:11
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. The Relion 670 series contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB Relion 670 Series is a transmission protection and control device from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "relion 670",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.2"
},
{
"model": "relion 670",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0"
},
{
"model": "relion 670",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1p1r26"
},
{
"model": "relion 670",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1"
},
{
"model": "relion 670",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0.0.10"
},
{
"model": "relion 670",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.0.1"
},
{
"model": "relion 670",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.2.3.17"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "relion 670",
"version": "*"
},
{
"model": "relion 670",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=2.1.0.1"
},
{
"model": "relion \u003c=1p1r26",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=1.2.3.17"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=2.0.0.10"
},
{
"model": "relion 670",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.2.3.18"
},
{
"model": "relion 670",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:relion_670_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
}
]
},
"cve": "CVE-2019-18253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18253",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-44532",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18253",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18253",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18253",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18253",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-44532",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1410",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. The Relion 670 series contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB Relion 670 Series is a transmission protection and control device from the Swiss company ABB.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18253",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-330-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-44532",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4483",
"trust": 0.6
},
{
"db": "IVD",
"id": "EFF24A4B-DACF-456A-8D72-0A1BE88AE5B6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"id": "VAR-201911-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
}
]
},
"last_update_date": "2024-11-23T23:11:37.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "Patch for ABB Relion 670 Series Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/193463"
},
{
"title": "ABB Relion 670 Series Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103654"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-330-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18253"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18253"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4483/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-10T00:00:00",
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"date": "2019-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"date": "2019-11-27T23:15:10.867000",
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"date": "2019-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013152"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1410"
},
{
"date": "2024-11-21T04:32:55.600000",
"db": "NVD",
"id": "CVE-2019-18253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Relion 670 Series path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-44532"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "eff24a4b-dacf-456a-8d72-0a1be88ae5b6"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1410"
}
],
"trust": 0.8
}
}
VAR-202002-0493
Vulnerability from variot - Updated: 2024-11-23 23:04
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. ABB Asset Suite contains an authentication bypass vulnerability through a user-controlled key. Information may be obtained and tampered with. ABB Asset Suite is a set of enterprise asset management solutions from the Swiss company ABB, mainly used in the power generation industry. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to obtain sensitive information on the website. The following products and versions are affected: ABB Asset Suite from version 9.0 to version 9.3, version 9.4 before 9.4.2.6, version 9.5 before 9.5.3.2, version 9.6.0
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asset suite",
"scope": "eq",
"trust": 1.4,
"vendor": "abb",
"version": "9.6.0"
},
{
"model": "asset suite",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.0.0"
},
{
"model": "asset suite",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.5.0"
},
{
"model": "asset suite",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3.0"
},
{
"model": "asset suite",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.5.3.2"
},
{
"model": "asset suite",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.4"
},
{
"model": "asset suite",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.4.2.6"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.6.0"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "9.0 \u304b\u3089 9.3"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "9.4 \u4ee5\u4e0a 9.4.2.6"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "9.5 \u4ee5\u4e0a 9.5.3.2"
},
{
"model": "asset suite",
"scope": "gte",
"trust": 0.6,
"vendor": "abb",
"version": "9.0,\u003c=9.3"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.4,\u003c9.4.2.6"
},
{
"model": "asset suite",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.5,\u003c9.5.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "asset suite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "asset suite",
"version": "9.6.0"
}
],
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:asset_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
}
]
},
"cve": "CVE-2019-18998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-18998",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014607",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-10131",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "1076aff9-d046-423b-9962-e26fd72b94cc",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-151400",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18998",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014607",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-18998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014607",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-10131",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-866",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151400",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "VULHUB",
"id": "VHN-151400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource\u0027s URL can access the resource directly. ABB Asset Suite contains an authorization bypass through a user-controlled key vulnerability. Information may be obtained and tampered with. ABB Asset Suite is a set of enterprise asset management solutions, mainly used in the power generation industry, from the Swiss company ABB. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to obtain sensitive information on the website. The following products and versions are affected: ABB Asset Suite from version 9.0 to version 9.3, version 9.4 before 9.4.2.6, version 9.5 before 9.5.3.2, version 9.6.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18998"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "VULHUB",
"id": "VHN-151400"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18998",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-02",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2020-10131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0930",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47150",
"trust": 0.6
},
{
"db": "IVD",
"id": "1076AFF9-D046-423B-9962-E26FD72B94CC",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151400",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "VULHUB",
"id": "VHN-151400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"id": "VAR-202002-0493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "VULHUB",
"id": "VHN-151400"
}
],
"trust": 1.65
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
}
]
},
"last_update_date": "2024-11-23T23:04:29.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Asset Suite Direct Object Reference Vulnerability",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB Asset Suite Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/201555"
},
{
"title": "ABB Asset Suite Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110228"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-639",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-02"
},
{
"trust": 2.2,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9962\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18998"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18998"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47150"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0930/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9962\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "VULHUB",
"id": "VHN-151400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "VULHUB",
"id": "VHN-151400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-17T00:00:00",
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"date": "2020-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-151400"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"date": "2020-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"date": "2020-02-17T19:15:12.150000",
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"date": "2020-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-151400"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014607"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-866"
},
{
"date": "2024-11-21T04:33:57.980000",
"db": "NVD",
"id": "CVE-2019-18998"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Asset Suite Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-10131"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "1076aff9-d046-423b-9962-e26fd72b94cc"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-866"
}
],
"trust": 0.8
}
}
VAR-201911-1038
Vulnerability from variot - Updated: 2024-11-23 23:01
An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. The Relion 650 and 670 series contain a vulnerability related to input validation. Service operation may be interrupted (DoS). ABB Relion 670 Series and ABB Relion 650 Series are transmission protection and control equipment from the Swiss company ABB.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "relion 670",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0.0"
},
{
"model": "relion 650",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.3.0.5"
},
{
"model": "relion 670",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.0"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.2.3.18"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.0.0.11"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "2.1.0.1"
},
{
"model": "relion 650",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "1.3.0.5"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "1.2.3.18"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "2.0.0.11"
},
{
"model": "relion 670",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "2.1.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "relion 670",
"version": "*"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "650\u003c=1.3.0.5"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=1.2.3.18"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=2.0.0.11"
},
{
"model": "relion",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "670\u003c=2.1.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "relion 650",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:relion_650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:relion_670_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
}
]
},
"cve": "CVE-2019-18247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18247",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-44533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18247",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18247",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18247",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18247",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-44533",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. The Relion 650 and 670 series contain a vulnerability related to input validation. Service operation may be interrupted (DoS). ABB Relion 670 Series and ABB Relion 650 Series are transmission protection and control equipment from the Swiss company ABB",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18247",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-330-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-44533",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4482",
"trust": 0.6
},
{
"db": "IVD",
"id": "27FCA591-94A3-4241-9CB6-09BADF3F2A5E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"id": "VAR-201911-1038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
}
]
},
"last_update_date": "2024-11-23T23:01:38.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "Patch for ABB Relion 650 and 670 Series Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/193465"
},
{
"title": "ABB Relion 670 Series and ABB Relion 650 Series Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-330-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4482/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-10T00:00:00",
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"date": "2019-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"date": "2019-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"date": "2019-11-27T23:15:10.790000",
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44533"
},
{
"date": "2019-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012816"
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1409"
},
{
"date": "2024-11-21T04:32:54.943000",
"db": "NVD",
"id": "CVE-2019-18247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation vulnerability in the Relion 650 and 670 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012816"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "27fca591-94a3-4241-9cb6-09badf3f2a5e"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1409"
}
],
"trust": 0.8
}
}
VAR-202004-0657
Vulnerability from variot - Updated: 2024-11-23 22:48
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. The product may be put into a denial-of-service (DoS) state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from the Swiss company ABB. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.
ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which stems from a network system or product incorrectly restricting access to resources from unauthorized roles. No further vulnerability details are currently available.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.5,
"vendor": "abb",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "microscada pro sys600",
"version": "9.3"
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:microscada_pro_sys600",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"cve": "CVE-2019-5620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5620",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-27090",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5620",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-015512",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-27090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5620",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2020-27090",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512",
"trust": 0.8
},
{
"db": "IVD",
"id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
"trust": 0.2
},
{
"db": "IVD",
"id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"id": "VAR-202004-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
],
"trust": 1.75
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
]
},
"last_update_date": "2024-11-23T22:48:02.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2020-04-29T23:15:13.033000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2024-11-21T04:45:15.187000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.0
}
}
VAR-201808-0397
Vulnerability from variot - Updated: 2024-11-23 22:45
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB eSOMS is a factory operation management system from the Swiss company ABB.
ABB eSOMS version 6.0.2 has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "eq",
"trust": 2.3,
"vendor": "abb",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14805",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14805",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14805",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125001",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-240-04",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-14805",
"trust": 3.4
},
{
"db": "BID",
"id": "105169",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28496",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98908",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-125001",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"id": "VAR-201808-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
}
],
"trust": 1.4258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
}
]
},
"last_update_date": "2024-11-23T22:45:15.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018030",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-04"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105169"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14805"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107046a5821\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"db": "VULHUB",
"id": "VHN-125001"
},
{
"db": "BID",
"id": "105169"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2018-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"date": "2018-08-29T16:29:00.217000",
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125001"
},
{
"date": "2018-08-28T00:00:00",
"db": "BID",
"id": "105169"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009815"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-904"
},
{
"date": "2024-11-21T03:49:50.063000",
"db": "NVD",
"id": "CVE-2018-14805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-904"
}
],
"trust": 0.6
}
}
VAR-201901-1515
Vulnerability from variot - Updated: 2024-11-23 22:41
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. The ABB Relion 630 device contains an input validation vulnerability. Service operation may be interrupted (DoS). ABB Relion 630 is a relay device from the Swiss company ABB, used for substation automation protection and control.
ABB Relion 630 has security vulnerabilities in version 1.1 before 1.1.0.C0, version 1.2 before 1.2.0.B3, and version 1.3 before 1.3.0.A6. ABB Relion 630 is prone to a denial-of-service vulnerability. Successful exploits of this issue may allow an attacker to crash the affected device, denying service to legitimate users. The following versions of the ABB Relion 630 series are vulnerable: versions prior to 1.1.0.C0, versions prior to 1.2.0.B3, and versions prior to 1.3.0.A6.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-1515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "relion 630",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.1.0"
},
{
"model": "relion 630",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.3.0"
},
{
"model": "relion 630",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.2.0"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.3.0.a6"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.2.0.b3"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.1.0.c0"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "1.1"
},
{
"model": "relion 630",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.2.0.b3"
},
{
"model": "relion 630",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.1.0.c0"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "1.2"
},
{
"model": "relion 630",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "1.3"
},
{
"model": "relion 630",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.3.0.a6"
},
{
"model": "relion 1.1,\u003c1.1.0.c0",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "630"
},
{
"model": "relion 1.2,\u003c1.2.0.b3",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "630"
},
{
"model": "relion 1.3,\u003c1.3.0.a6",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "630"
},
{
"model": "relion series",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6501.3"
},
{
"model": "relion series",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6301.3"
},
{
"model": "relion series",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6301.2"
},
{
"model": "relion series",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6301.1"
},
{
"model": "relion series 1.3.0.a6",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "630"
},
{
"model": "relion series 1.2.0.b3",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "630"
},
{
"model": "relion series 1.1.0.c0",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "630"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "BID",
"id": "106641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:relion_630_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin (Positive Technologies) and Victor Nikitin (i-Grids).",
"sources": [
{
"db": "BID",
"id": "106641"
}
],
"trust": 0.3
},
"cve": "CVE-2018-20720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20720",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-43690",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20720",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20720",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20720",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-43690",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-521",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. The ABB Relion 630 device contains an input validation vulnerability. Service operation may be interrupted (DoS). ABB Relion 630 is a relay device used for substation automation protection and control from ABB in Switzerland. \n\r\n\r\nABB Relion 630 has security vulnerabilities in version 1.1 before 1.1.0.C0, version 1.2 before 1.2.0.B3, and version 1.3 before 1.3.0.A6. ABB Relion 630 is prone to a denial-of-service vulnerability. \nSuccessful exploits of this issue may allow an attacker to crash the affected device, denying service to legitimate users. \nThe following versions of ABB Relion 630 series are vulnerable:\nABB Relion 630 series prior to 1.1.0.C0\nABB Relion 630 series prior to 1.2.0.B3\nABB Relion 630 series prior to 1.3.0.A6",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "BID",
"id": "106641"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20720",
"trust": 3.3
},
{
"db": "BID",
"id": "106641",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-43690",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43883",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "BID",
"id": "106641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"id": "VAR-201901-1515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
}
]
},
"last_update_date": "2024-11-23T22:41:36.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-EPDS-DR1620",
"trust": 0.8,
"url": "http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB Relion 630 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/228127"
},
{
"title": "ABB Relion 630 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=88659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://search.abb.com/library/download.aspx?documentid=1mrs758909\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/106641"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20720"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20720"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43883"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "BID",
"id": "106641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"db": "BID",
"id": "106641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"date": "2019-01-15T00:00:00",
"db": "BID",
"id": "106641"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"date": "2019-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"date": "2019-01-16T03:29:00.237000",
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-43690"
},
{
"date": "2019-01-15T00:00:00",
"db": "BID",
"id": "106641"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014101"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-521"
},
{
"date": "2024-11-21T04:02:01.813000",
"db": "NVD",
"id": "CVE-2018-20720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Relion 630 Vulnerability related to input validation on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-521"
}
],
"trust": 0.6
}
}
VAR-201802-0669
Vulnerability from variot - Updated: 2024-11-23 22:34
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. ABB MicroSCADA contains vulnerabilities related to authorization, permissions, and access control. Zero Day Initiative numbered this vulnerability ZDI-CAN-5097. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB MicroSCADA is substation monitoring software developed by ABB Switzerland for power transmission and distribution systems. The software includes a Human Machine Interface (MMI) and flexible application engineering tools, and provides monitoring, event alarms, trend graph statistics and more.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0669",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.4"
},
{
"model": "sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.1.5"
},
{
"model": "sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.1"
},
{
"model": "sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.2"
},
{
"model": "sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.0"
},
{
"model": "sys600",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "microscada",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
},
{
"model": "microscada with fp",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.32001/2/3"
},
{
"model": "sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.4"
},
{
"model": "sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.1.5"
},
{
"model": "sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.1"
},
{
"model": "sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.2"
},
{
"model": "sys600",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sys600",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sys600",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sys600",
"version": "9.1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sys600",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sys600",
"version": "9.4"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:sys600_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fritz Sands - Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-141"
}
],
"trust": 0.7
},
"cve": "CVE-2018-1168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CVE-2018-1168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-06247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-121563",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-1168",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1168",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-1168",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-1168",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-06247",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-764",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121563",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1168",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. ABB MicroSCADA contains vulnerabilities related to authorization, permissions, and access control. Zero Day Initiative numbered this vulnerability ZDI-CAN-5097. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB MicroSCADA is a substation monitoring software developed by ABB Switzerland for power transmission and distribution systems. The software includes Human Machine Interface (MMI) and flexible application engineering tools, and provides monitoring, event alarms, trend graph statistics and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1168"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "VULMON",
"id": "CVE-2018-1168"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1168",
"trust": 4.1
},
{
"db": "ZDI",
"id": "ZDI-18-141",
"trust": 3.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06247",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5097",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E96C0F-39AB-11E9-B513-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121563",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1168",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"id": "VAR-201802-0669",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULHUB",
"id": "VHN-121563"
}
],
"trust": 1.7928571350000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
}
]
},
"last_update_date": "2024-11-23T22:34:20.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://new.abb.com/"
},
{
"title": "ABB has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC"
},
{
"title": "Patch for ABB MicroSCADA Installation Rights Boost Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/123247"
},
{
"title": "ABB MicroSCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78776"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/abbvu-pgga-33888_abb_softwarevulnerabilityhandlingadvisory_rev_a.pdf?x-sign=mjfu9chtruuubplayzywftmw5w+mg3kz/nm7f/jw5hlftqf4enyflage8hozrjec"
},
{
"trust": 2.3,
"url": "https://zerodayinitiative.com/advisories/zdi-18-141"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1168"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1168"
},
{
"trust": 0.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-18-141/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"db": "VULHUB",
"id": "VHN-121563"
},
{
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-26T00:00:00",
"db": "IVD",
"id": "e2e96c0f-39ab-11e9-b513-000c29342cb1"
},
{
"date": "2018-02-06T00:00:00",
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"date": "2018-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"date": "2018-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-121563"
},
{
"date": "2018-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"date": "2018-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"date": "2018-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"date": "2018-02-21T14:29:00.580000",
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "ZDI",
"id": "ZDI-18-141"
},
{
"date": "2018-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06247"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-121563"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1168"
},
{
"date": "2018-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002469"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-764"
},
{
"date": "2024-11-21T03:59:19.467000",
"db": "NVD",
"id": "CVE-2018-1168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-764"
}
],
"trust": 0.6
}
}
VAR-202004-0858
Vulnerability from variot - Updated: 2024-11-23 21:35
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS contains a vulnerability related to weak password requirements. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB. An attacker could exploit this vulnerability to gain access.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.3"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.3"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
}
]
},
"cve": "CVE-2019-19093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19093",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19562",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151505",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19093",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015258",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151505",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. ABB eSOMS There is a vulnerability in requesting a weak password.Information may be obtained and tampered with. ABB eSOMS is a set of factory operation management system of Swiss ABB company. An attacker could exploit this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19093"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19093",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19562",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "176B77D1-77AD-47C4-84BE-1B3053F8392C",
"trust": 0.2
},
{
"db": "IVD",
"id": "38DFBFD7-D2E5-4AAB-B361-EED6A4A18CCD",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151505",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"id": "VAR-202004-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
]
},
"last_update_date": "2024-11-23T21:35:58.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211047"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19093"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19093"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"db": "VULHUB",
"id": "VHN-151505"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"date": "2020-04-02T20:15:14.940000",
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19562"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151505"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015258"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-802"
},
{
"date": "2024-11-21T04:34:11.277000",
"db": "NVD",
"id": "CVE-2019-19093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Weak password vulnerability",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19562"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "176b77d1-77ad-47c4-84be-1b3053f8392c"
},
{
"db": "IVD",
"id": "38dfbfd7-d2e5-4aab-b361-eed6a4a18ccd"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-802"
}
],
"trust": 1.0
}
}
VAR-202004-0853
Vulnerability from variot - Updated: 2024-11-23 21:35
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting. A cross-site scripting vulnerability exists in ABB eSOMS. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB.
ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks. Note that a missing HttpOnly flag does not introduce script injection by itself; it leaves the cookie readable by any script that runs in the page, and the record below lists CWE-16 alongside CWE-79.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esoms",
"scope": "lte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "6.0.2"
},
{
"model": "esoms",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "4.0"
},
{
"model": "esoms",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "4.0 \u304b\u3089 6.0.2"
},
{
"model": "esoms",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esoms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:esoms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
]
},
"cve": "CVE-2019-19003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19003",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-151406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19003",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19003",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-015253",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-19003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015253",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19566",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. ABB eSOMS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. \n\r\n\r\nABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19003",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-072-01",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19566",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0929",
"trust": 0.6
},
{
"db": "IVD",
"id": "B8FF984B-8752-4A47-AC75-7EB69E8E792D",
"trust": 0.2
},
{
"db": "IVD",
"id": "3F144945-21D7-4C04-88A4-23B9959852A0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-151406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"id": "VAR-202004-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
}
],
"trust": 1.8258065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
}
]
},
"last_update_date": "2024-11-23T21:35:58.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PGGA-2018035",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211039"
},
{
"title": "ABB eSOMS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-16",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-01"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19003"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0929/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk107492a9964\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"db": "VULHUB",
"id": "VHN-151406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "b8ff984b-8752-4a47-ac75-7eb69e8e792d"
},
{
"date": "2020-03-12T00:00:00",
"db": "IVD",
"id": "3f144945-21d7-4c04-88a4-23b9959852a0"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"date": "2020-04-02T20:15:14.097000",
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19566"
},
{
"date": "2020-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-151406"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015253"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-809"
},
{
"date": "2024-11-21T04:33:58.477000",
"db": "NVD",
"id": "CVE-2019-19003"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB eSOMS Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-809"
}
],
"trust": 0.6
}
}
CVE-2025-39205 (GCVE-0-2025-39205)
Vulnerability from nvd – Published: 2025-06-24 12:13 – Updated: 2025-10-01 14:58
- CWE-295 - Improper Certificate Validation
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: 10.3, ≤ 10.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:05.197451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:09.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T14:58:20.730Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39205",
"datePublished": "2025-06-24T12:13:20.791Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-01T14:58:20.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39204 (GCVE-0-2025-39204)
Vulnerability from nvd – Published: 2025-06-24 12:01 – Updated: 2025-06-25 12:42
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.0 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:07.253183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:14.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user."
}
],
"value": "A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:46:35.883Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39204",
"datePublished": "2025-06-24T12:01:09.855Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:14.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39203 (GCVE-0-2025-39203)
Vulnerability from nvd – Published: 2025-06-24 11:57 – Updated: 2025-10-07 10:00
- CWE-354 - Improper Validation of Integrity Check Value

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.5 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:09.329141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:19.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T10:00:29.745Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39203",
"datePublished": "2025-06-24T11:57:04.229Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-07T10:00:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39202 (GCVE-0-2025-39202)
Vulnerability from nvd – Published: 2025-06-24 11:51 – Updated: 2025-06-25 12:42
- CWE-269 - Improper Privilege Management

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.0 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:23:46.957075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:25.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption."
}
],
"value": "A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:13:37.460Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39202",
"datePublished": "2025-06-24T11:51:58.576Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:25.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39201 (GCVE-0-2025-39201)
Vulnerability from nvd – Published: 2025-06-24 11:46 – Updated: 2025-06-25 12:42
- CWE-276 - Incorrect Default Permissions

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.0 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:11.449617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:30.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
}
],
"value": "A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
}
],
"impacts": [
{
"capecId": "CAPEC-75",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-75 Manipulating Writeable Configuration Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:34:24.888Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39201",
"datePublished": "2025-06-24T11:46:11.548Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:30.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39205 (GCVE-0-2025-39205)
Vulnerability from cvelistv5 – Published: 2025-06-24 12:13 – Updated: 2025-10-01 14:58
- CWE-295 - Improper Certificate Validation

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.3 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:05.197451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:09.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T14:58:20.730Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39205",
"datePublished": "2025-06-24T12:13:20.791Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-01T14:58:20.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39204 (GCVE-0-2025-39204)
Vulnerability from cvelistv5 – Published: 2025-06-24 12:01 – Updated: 2025-06-25 12:42
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.0 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:07.253183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:14.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user."
}
],
"value": "A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:46:35.883Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39204",
"datePublished": "2025-06-24T12:01:09.855Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:14.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39203 (GCVE-0-2025-39203)
Vulnerability from cvelistv5 – Published: 2025-06-24 11:57 – Updated: 2025-10-07 10:00
- CWE-354 - Improper Validation of Integrity Check Value

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.5 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:09.329141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:19.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T10:00:29.745Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39203",
"datePublished": "2025-06-24T11:57:04.229Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-07T10:00:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39202 (GCVE-0-2025-39202)
Vulnerability from cvelistv5 – Published: 2025-06-24 11:51 – Updated: 2025-06-25 12:42
- CWE-269 - Improper Privilege Management

| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: from 10.0 up to and including 10.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:23:46.957075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:25.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption."
}
],
"value": "A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:13:37.460Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39202",
"datePublished": "2025-06-24T11:51:58.576Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:25.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39201 (GCVE-0-2025-39201)
Vulnerability from cvelistv5 – Published: 2025-06-24 11:46 – Updated: 2025-06-25 12:42
- CWE-276 - Incorrect Default Permissions
| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: 10.0, ≤ 10.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:11.449617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:30.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
}
],
"value": "A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
}
],
"impacts": [
{
"capecId": "CAPEC-75",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-75 Manipulating Writeable Configuration Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:34:24.888Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39201",
"datePublished": "2025-06-24T11:46:11.548Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-06-25T12:42:30.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}