Sign-up

ID

VAR-202004-0657


CVE

CVE-2019-5620


TITLE

ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability

Trust: 1.6

sources: IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // CNVD: CNVD-2020-27090 // CNNVD: CNNVD-202004-2435

DESCRIPTION

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available

Trust: 2.61

sources: NVD: CVE-2019-5620 // JVNDB: JVNDB-2019-015512 // CNVD: CNVD-2020-27090 // IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // VULMON: CVE-2019-5620

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // CNVD: CNVD-2020-27090

AFFECTED PRODUCTS

vendor:abbmodel:microscada pro sys600scope:eqversion:9.3

Trust: 1.5

vendor:hitachienergymodel:microscada pro sys600scope:eqversion:9.3

Trust: 1.0

vendor:microscada pro sys600model: - scope:eqversion:9.3

Trust: 0.4

sources: IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // CNVD: CNVD-2020-27090 // VULMON: CVE-2019-5620 // JVNDB: JVNDB-2019-015512 // NVD: CVE-2019-5620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5620
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015512
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-27090
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2435
value: MEDIUM

Trust: 0.6

IVD: d5816d51-dd65-4b53-a03d-b5a77883386c
value: MEDIUM

Trust: 0.2

IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14
value: MEDIUM

Trust: 0.2

VULMON: CVE-2019-5620
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5620
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015512
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27090
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d5816d51-dd65-4b53-a03d-b5a77883386c
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5620
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015512
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // CNVD: CNVD-2020-27090 // VULMON: CVE-2019-5620 // JVNDB: JVNDB-2019-015512 // CNNVD: CNNVD-202004-2435 // NVD: CVE-2019-5620

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-015512 // NVD: CVE-2019-5620

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2435

TYPE

Access control error

Trust: 1.0

sources: IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // CNNVD: CNNVD-202004-2435

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015512

PATCH
title:Top Pageurl:https://new.abb.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015512

EXTERNAL IDS
db:NVDid:CVE-2019-5620
Trust: 3.5
db:CNVDid:CNVD-2020-27090
Trust: 1.0
db:CNNVDid:CNNVD-202004-2435
Trust: 1.0
db:JVNDBid:JVNDB-2019-015512
Trust: 0.8
db:IVDid:D5816D51-DD65-4B53-A03D-B5A77883386C
Trust: 0.2
db:IVDid:BAA1C90A-C3BD-4764-9EA3-66A131059A14
Trust: 0.2
db:VULMONid:CVE-2019-5620
Trust: 0.1
sources:
            
            
            IVD: d5816d51-dd65-4b53-a03d-b5a77883386c // 
            
            
            
            IVD: baa1c90a-c3bd-4764-9ea3-66a131059a14 // 
            
            
            
            CNVD: CNVD-2020-27090 // 
            
            
            
            VULMON: CVE-2019-5620 // 
            
            
            
            JVNDB: JVNDB-2019-015512 // 
            
            
            
            CNNVD: CNNVD-202004-2435 // 
            
            
            
            NVD: CVE-2019-5620

REFERENCES
url:https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-5620
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27090 // 
            
            
            
            VULMON: CVE-2019-5620 // 
            
            
            
            JVNDB: JVNDB-2019-015512 // 
            
            
            
            CNNVD: CNNVD-202004-2435 // 
            
            
            
            NVD: CVE-2019-5620

SOURCES
db:IVDid:d5816d51-dd65-4b53-a03d-b5a77883386c
db:IVDid:baa1c90a-c3bd-4764-9ea3-66a131059a14
db:CNVDid:CNVD-2020-27090
db:VULMONid:CVE-2019-5620
db:JVNDBid:JVNDB-2019-015512
db:CNNVDid:CNNVD-202004-2435
db:NVDid:CVE-2019-5620

LAST UPDATE DATE
2024-11-23T22:48:02.248000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27090date:2020-05-08T00:00:00
db:VULMONid:CVE-2019-5620date:2020-05-06T00:00:00
db:JVNDBid:JVNDB-2019-015512date:2020-05-29T00:00:00
db:CNNVDid:CNNVD-202004-2435date:2020-05-15T00:00:00
db:NVDid:CVE-2019-5620date:2024-11-21T04:45:15.187

SOURCES RELEASE DATE
db:IVDid:d5816d51-dd65-4b53-a03d-b5a77883386cdate:2020-04-29T00:00:00
db:IVDid:baa1c90a-c3bd-4764-9ea3-66a131059a14date:2020-04-29T00:00:00
db:CNVDid:CNVD-2020-27090date:2020-05-08T00:00:00
db:VULMONid:CVE-2019-5620date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2019-015512date:2020-05-29T00:00:00
db:CNNVDid:CNNVD-202004-2435date:2020-04-29T00:00:00
db:NVDid:CVE-2019-5620date:2020-04-29T23:15:13.033