Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18998

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Published

2020-02-17T19:15:12.150

Last Modified

2024-11-21T04:33:57.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachienergy	asset_suite	≤ 9.3.0	Yes
Application	hitachienergy	asset_suite	< 9.4.2.6	Yes
Application	hitachienergy	asset_suite	< 9.5.3.2	Yes
Application	hitachienergy	asset_suite	9.6.0	Yes

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])
https://www.us-cert.gov/ics/advisories/icsa-20-072-02 Third Party Advisory, US Government Resource ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.us-cert.gov/ics/advisories/icsa-20-072-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)