ID

VAR-202004-0850


CVE

CVE-2019-19000


TITLE

ABB eSOMS Information Disclosure Vulnerability

Trust: 1.6

sources: IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // CNVD: CNVD-2020-17168 // CNNVD: CNNVD-202003-817

DESCRIPTION

In ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. There is an information leakage vulnerability in ABB eSOMS. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB. ABB eSOMS has an information disclosure vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks. The vulnerability is caused by the response from the web server not setting the X-XSS-Protection HTTP response header, and some old browsers do not support Content Security Policy.

Trust: 2.61

sources: NVD: CVE-2019-19000 // JVNDB: JVNDB-2019-015250 // CNVD: CNVD-2020-17168 // IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // VULHUB: VHN-151403

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // CNVD: CNVD-2020-17168

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lte, version: 6.0.3

Trust: 1.0

vendor: hitachienergy, model: esoms, scope: gte, version: 4.0

Trust: 1.0

vendor: abb, model: esoms, scope: eq, version: 4.0 to 6.0.3

Trust: 0.8

vendor: abb, model: esoms, scope: -, version: -

Trust: 0.6

vendor: esoms, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // CNVD: CNVD-2020-17168 // JVNDB: JVNDB-2019-015250 // NVD: CVE-2019-19000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19000
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19000
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015250
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-17168
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-817
value: MEDIUM

Trust: 0.6

IVD: a9521391-8cd5-4d08-97ad-c61df08347cf
value: MEDIUM

Trust: 0.2

IVD: b83da059-72a8-4a49-8f12-c32942ea1a67
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151403
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19000
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015250
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17168
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a9521391-8cd5-4d08-97ad-c61df08347cf
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b83da059-72a8-4a49-8f12-c32942ea1a67
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151403
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19000
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015250
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // CNVD: CNVD-2020-17168 // VULHUB: VHN-151403 // JVNDB: JVNDB-2019-015250 // CNNVD: CNNVD-202003-817 // NVD: CVE-2019-19000 // NVD: CVE-2019-19000

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

problemtype:CWE-202

Trust: 1.0

sources: VULHUB: VHN-151403 // JVNDB: JVNDB-2019-015250 // NVD: CVE-2019-19000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-817

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-817

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015250

PATCH

title: ABBVU-PGGA-2018035, url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS information disclosure vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/208961

Trust: 0.6

title: ABB eSOMS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112338

Trust: 0.6

sources: CNVD: CNVD-2020-17168 // JVNDB: JVNDB-2019-015250 // CNNVD: CNNVD-202003-817

EXTERNAL IDS

db: NVD, id: CVE-2019-19000

Trust: 3.5

db: ICS CERT, id: ICSA-20-072-01

Trust: 2.0

db: CNVD, id: CNVD-2020-17168

Trust: 1.1

db: CNNVD, id: CNNVD-202003-817

Trust: 1.1

db: JVNDB, id: JVNDB-2019-015250

Trust: 0.8

db: AUSCERT, id: ESB-2020.0929

Trust: 0.6

db: IVD, id: A9521391-8CD5-4D08-97AD-C61DF08347CF

Trust: 0.2

db: IVD, id: B83DA059-72A8-4A49-8F12-C32942EA1A67

Trust: 0.2

db: VULHUB, id: VHN-151403

Trust: 0.1

sources: IVD: a9521391-8cd5-4d08-97ad-c61df08347cf // IVD: b83da059-72a8-4a49-8f12-c32942ea1a67 // CNVD: CNVD-2020-17168 // VULHUB: VHN-151403 // JVNDB: JVNDB-2019-015250 // CNNVD: CNNVD-202003-817 // NVD: CVE-2019-19000

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19000

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19000

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-17168 // VULHUB: VHN-151403 // JVNDB: JVNDB-2019-015250 // CNNVD: CNNVD-202003-817 // NVD: CVE-2019-19000

SOURCES

db: IVD, id: a9521391-8cd5-4d08-97ad-c61df08347cf
db: IVD, id: b83da059-72a8-4a49-8f12-c32942ea1a67
db: CNVD, id: CNVD-2020-17168
db: VULHUB, id: VHN-151403
db: JVNDB, id: JVNDB-2019-015250
db: CNNVD, id: CNNVD-202003-817
db: NVD, id: CVE-2019-19000

LAST UPDATE DATE

2024-11-23T21:35:54.969000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-17168, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151403, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015250, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-817, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2019-19000, date: 2024-11-21T04:33:58.133

SOURCES RELEASE DATE

db: IVD, id: a9521391-8cd5-4d08-97ad-c61df08347cf, date: 2020-03-12T00:00:00
db: IVD, id: b83da059-72a8-4a49-8f12-c32942ea1a67, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-17168, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151403, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015250, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-817, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19000, date: 2020-04-02T20:15:13.863