ID

VAR-202004-0851


CVE

CVE-2019-19001


TITLE

Vulnerability in ABB eSOMS regarding improper restriction of rendered user interface layers or frames

Trust: 0.8

sources: JVNDB: JVNDB-2019-015251

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in the HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. ABB eSOMS is vulnerable to improper restriction of rendered user interface layers or frames. Information may be obtained. ABB eSOMS (Electronic Shift Operations Management System) is a factory operation management system from the Swiss company ABB. There is a misconfiguration vulnerability in ABB eSOMS 4.0 to 6.0.2.

Trust: 2.61

sources: NVD: CVE-2019-19001 // JVNDB: JVNDB-2019-015251 // CNVD: CNVD-2020-19564 // IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // VULHUB: VHN-151404

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // CNVD: CNVD-2020-19564

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lte, version: 6.0.2

Trust: 1.0

vendor: hitachienergy, model: esoms, scope: gte, version: 4.0

Trust: 1.0

vendor: abb, model: esoms, scope: eq, version: 4.0 to 6.0.2

Trust: 0.8

vendor: abb, model: esoms, scope: lte, version: <=6.0.2

Trust: 0.6

vendor: esoms, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // CNVD: CNVD-2020-19564 // JVNDB: JVNDB-2019-015251 // NVD: CVE-2019-19001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19001
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19001
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015251
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19564
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-814
value: MEDIUM

Trust: 0.6

IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff
value: MEDIUM

Trust: 0.2

IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151404
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19001
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015251
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19564
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151404
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19001
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015251
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // CNVD: CNVD-2020-19564 // VULHUB: VHN-151404 // JVNDB: JVNDB-2019-015251 // CNNVD: CNNVD-202003-814 // NVD: CVE-2019-19001 // NVD: CVE-2019-19001

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.8

problemtype:CWE-16

Trust: 1.0

sources: JVNDB: JVNDB-2019-015251 // NVD: CVE-2019-19001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-814

TYPE

Configuration error

Trust: 1.0

sources: IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // CNNVD: CNNVD-202003-814

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015251

PATCH

title: ABBVU-PGGA-2018035, url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS has unknown vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/211035

Trust: 0.6

title: ABB eSOMS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112334

Trust: 0.6

sources: CNVD: CNVD-2020-19564 // JVNDB: JVNDB-2019-015251 // CNNVD: CNNVD-202003-814

EXTERNAL IDS

db: NVD, id: CVE-2019-19001

Trust: 3.5

db: ICS CERT, id: ICSA-20-072-01

Trust: 2.0

db: CNVD, id: CNVD-2020-19564

Trust: 1.1

db: CNNVD, id: CNNVD-202003-814

Trust: 1.1

db: JVNDB, id: JVNDB-2019-015251

Trust: 0.8

db: AUSCERT, id: ESB-2020.0929

Trust: 0.6

db: IVD, id: B3BC4F61-5293-4F8A-8374-A16D93D111FF

Trust: 0.2

db: IVD, id: FB967C1B-5C46-4015-BACE-1D398B4EB40D

Trust: 0.2

db: VULHUB, id: VHN-151404

Trust: 0.1

sources: IVD: b3bc4f61-5293-4f8a-8374-a16d93d111ff // IVD: fb967c1b-5c46-4015-bace-1d398b4eb40d // CNVD: CNVD-2020-19564 // VULHUB: VHN-151404 // JVNDB: JVNDB-2019-015251 // CNNVD: CNNVD-202003-814 // NVD: CVE-2019-19001

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19001

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19001

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

sources: CNVD: CNVD-2020-19564 // VULHUB: VHN-151404 // JVNDB: JVNDB-2019-015251 // CNNVD: CNNVD-202003-814 // NVD: CVE-2019-19001

SOURCES

db: IVD, id: b3bc4f61-5293-4f8a-8374-a16d93d111ff
db: IVD, id: fb967c1b-5c46-4015-bace-1d398b4eb40d
db: CNVD, id: CNVD-2020-19564
db: VULHUB, id: VHN-151404
db: JVNDB, id: JVNDB-2019-015251
db: CNNVD, id: CNNVD-202003-814
db: NVD, id: CVE-2019-19001

LAST UPDATE DATE

2024-11-23T21:35:54.855000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19564, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151404, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015251, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-814, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2019-19001, date: 2024-11-21T04:33:58.243

SOURCES RELEASE DATE

db: IVD, id: b3bc4f61-5293-4f8a-8374-a16d93d111ff, date: 2020-03-12T00:00:00
db: IVD, id: fb967c1b-5c46-4015-bace-1d398b4eb40d, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-19564, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151404, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015251, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-814, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19001, date: 2020-04-02T20:15:13.940