ID

VAR-202004-0852


CVE

CVE-2019-19002


TITLE

Cross-site scripting vulnerability in ABB eSOMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-015252

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of cross-site scripting. A cross-site scripting vulnerability exists in ABB eSOMS. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a factory operations management system from the Swiss company ABB.

Trust: 2.61

sources: NVD: CVE-2019-19002 // JVNDB: JVNDB-2019-015252 // CNVD: CNVD-2020-19565 // IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd // IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c // VULHUB: VHN-151405

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd // IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c // CNVD: CNVD-2020-19565

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lte, version: 6.0.2

Trust: 1.0

vendor: hitachienergy, model: esoms, scope: gte, version: 4.0

Trust: 1.0

vendor: abb, model: esoms, scope: eq, version: 4.0 to 6.0.2

Trust: 0.8

vendor: abb, model: esoms, scope: lte, version: <=6.0.2

Trust: 0.6

vendor: esoms, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd // IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c // CNVD: CNVD-2020-19565 // JVNDB: JVNDB-2019-015252 // NVD: CVE-2019-19002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19002
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19002
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015252
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19565
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-812
value: MEDIUM

Trust: 0.6

IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd
value: MEDIUM

Trust: 0.2

IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151405
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-19002
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015252
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19565
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151405
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19002
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19002
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015252
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd // IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c // CNVD: CNVD-2020-19565 // VULHUB: VHN-151405 // JVNDB: JVNDB-2019-015252 // CNNVD: CNNVD-202003-812 // NVD: CVE-2019-19002 // NVD: CVE-2019-19002

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

sources: VULHUB: VHN-151405 // JVNDB: JVNDB-2019-015252 // NVD: CVE-2019-19002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-812

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-812

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015252

PATCH

title: ABBVU-PGGA-2018035, url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19565), url: https://www.cnvd.org.cn/patchInfo/show/211037

Trust: 0.6

title: ABB eSOMS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112332

Trust: 0.6

sources: CNVD: CNVD-2020-19565 // JVNDB: JVNDB-2019-015252 // CNNVD: CNNVD-202003-812

EXTERNAL IDS

db: NVD, id: CVE-2019-19002

Trust: 3.5

db: ICS CERT, id: ICSA-20-072-01

Trust: 2.0

db: CNVD, id: CNVD-2020-19565

Trust: 1.1

db: CNNVD, id: CNNVD-202003-812

Trust: 1.1

db: JVNDB, id: JVNDB-2019-015252

Trust: 0.8

db: AUSCERT, id: ESB-2020.0929

Trust: 0.6

db: IVD, id: CF8EE712-306F-4E13-AC79-76FE31F5ECDD

Trust: 0.2

db: IVD, id: 36CB39CF-844F-4BC2-AEB5-60BF5A28B69C

Trust: 0.2

db: VULHUB, id: VHN-151405

Trust: 0.1

sources: IVD: cf8ee712-306f-4e13-ac79-76fe31f5ecdd // IVD: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c // CNVD: CNVD-2020-19565 // VULHUB: VHN-151405 // JVNDB: JVNDB-2019-015252 // CNNVD: CNNVD-202003-812 // NVD: CVE-2019-19002

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19002

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19002

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-19565 // VULHUB: VHN-151405 // JVNDB: JVNDB-2019-015252 // CNNVD: CNNVD-202003-812 // NVD: CVE-2019-19002

SOURCES

db: IVD, id: cf8ee712-306f-4e13-ac79-76fe31f5ecdd
db: IVD, id: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c
db: CNVD, id: CNVD-2020-19565
db: VULHUB, id: VHN-151405
db: JVNDB, id: JVNDB-2019-015252
db: CNNVD, id: CNNVD-202003-812
db: NVD, id: CVE-2019-19002

LAST UPDATE DATE

2024-11-23T21:35:58.638000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19565, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151405, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015252, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-812, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2019-19002, date: 2024-11-21T04:33:58.357

SOURCES RELEASE DATE

db: IVD, id: cf8ee712-306f-4e13-ac79-76fe31f5ecdd, date: 2020-03-12T00:00:00
db: IVD, id: 36cb39cf-844f-4bc2-aeb5-60bf5a28b69c, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-19565, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151405, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015252, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-812, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19002, date: 2020-04-02T20:15:14.003