ID

VAR-202004-0853


CVE

CVE-2019-19003


TITLE

Cross-site scripting vulnerability in ABB eSOMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-015253

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting. A cross-site scripting vulnerability exists in ABB eSOMS. Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB. ABB eSOMS has a security vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks.

Trust: 2.61

sources: NVD: CVE-2019-19003 // JVNDB: JVNDB-2019-015253 // CNVD: CNVD-2020-19566 // IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d // IVD: 3f144945-21d7-4c04-88a4-23b9959852a0 // VULHUB: VHN-151406

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.0

sources: IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d // IVD: 3f144945-21d7-4c04-88a4-23b9959852a0 // CNVD: CNVD-2020-19566

AFFECTED PRODUCTS

vendor: hitachienergy
model: esoms
scope: lte
version: 6.0.2

Trust: 1.0

vendor: hitachienergy
model: esoms
scope: gte
version: 4.0

Trust: 1.0

vendor: abb
model: esoms
scope: eq
version: 4.0 to 6.0.2

Trust: 0.8

vendor: abb
model: esoms
scope: lte
version: <=6.0.2

Trust: 0.6

vendor: esoms
model: -
scope: eq
version: *

Trust: 0.4

sources: IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d // IVD: 3f144945-21d7-4c04-88a4-23b9959852a0 // CNVD: CNVD-2020-19566 // JVNDB: JVNDB-2019-015253 // NVD: CVE-2019-19003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19003
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19003
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015253
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19566
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-809
value: MEDIUM

Trust: 0.6

IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d
value: MEDIUM

Trust: 0.2

IVD: 3f144945-21d7-4c04-88a4-23b9959852a0
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151406
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19003
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015253
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 3f144945-21d7-4c04-88a4-23b9959852a0
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151406
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19003
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19003
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015253
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d // IVD: 3f144945-21d7-4c04-88a4-23b9959852a0 // CNVD: CNVD-2020-19566 // VULHUB: VHN-151406 // JVNDB: JVNDB-2019-015253 // CNNVD: CNNVD-202003-809 // NVD: CVE-2019-19003 // NVD: CVE-2019-19003

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

sources: VULHUB: VHN-151406 // JVNDB: JVNDB-2019-015253 // NVD: CVE-2019-19003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-809

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-809

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015253

PATCH

title: ABBVU-PGGA-2018035
url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19566)
url: https://www.cnvd.org.cn/patchInfo/show/211039

Trust: 0.6

title: ABB eSOMS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112330

Trust: 0.6

sources: CNVD: CNVD-2020-19566 // JVNDB: JVNDB-2019-015253 // CNNVD: CNNVD-202003-809

EXTERNAL IDS

db: NVD
id: CVE-2019-19003

Trust: 3.5

db: ICS CERT
id: ICSA-20-072-01

Trust: 2.0

db: CNVD
id: CNVD-2020-19566

Trust: 1.1

db: CNNVD
id: CNNVD-202003-809

Trust: 1.1

db: JVNDB
id: JVNDB-2019-015253

Trust: 0.8

db: AUSCERT
id: ESB-2020.0929

Trust: 0.6

db: IVD
id: B8FF984B-8752-4A47-AC75-7EB69E8E792D

Trust: 0.2

db: IVD
id: 3F144945-21D7-4C04-88A4-23B9959852A0

Trust: 0.2

db: VULHUB
id: VHN-151406

Trust: 0.1

sources: IVD: b8ff984b-8752-4a47-ac75-7eb69e8e792d // IVD: 3f144945-21d7-4c04-88a4-23b9959852a0 // CNVD: CNVD-2020-19566 // VULHUB: VHN-151406 // JVNDB: JVNDB-2019-015253 // CNNVD: CNNVD-202003-809 // NVD: CVE-2019-19003

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19003

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19003

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-19566 // VULHUB: VHN-151406 // JVNDB: JVNDB-2019-015253 // CNNVD: CNNVD-202003-809 // NVD: CVE-2019-19003

SOURCES

db: IVD
id: b8ff984b-8752-4a47-ac75-7eb69e8e792d

db: IVD
id: 3f144945-21d7-4c04-88a4-23b9959852a0

db: CNVD
id: CNVD-2020-19566

db: VULHUB
id: VHN-151406

db: JVNDB
id: JVNDB-2019-015253

db: CNNVD
id: CNNVD-202003-809

db: NVD
id: CVE-2019-19003

LAST UPDATE DATE

2024-11-23T21:35:58.754000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2020-19566
date: 2020-03-26T00:00:00

db: VULHUB
id: VHN-151406
date: 2020-04-03T00:00:00

db: JVNDB
id: JVNDB-2019-015253
date: 2020-06-24T00:00:00

db: CNNVD
id: CNNVD-202003-809
date: 2020-04-07T00:00:00

db: NVD
id: CVE-2019-19003
date: 2024-11-21T04:33:58.477

SOURCES RELEASE DATE

db: IVD
id: b8ff984b-8752-4a47-ac75-7eb69e8e792d
date: 2020-03-12T00:00:00

db: IVD
id: 3f144945-21d7-4c04-88a4-23b9959852a0
date: 2020-03-12T00:00:00

db: CNVD
id: CNVD-2020-19566
date: 2020-03-26T00:00:00

db: VULHUB
id: VHN-151406
date: 2020-04-02T00:00:00

db: JVNDB
id: JVNDB-2019-015253
date: 2020-04-21T00:00:00

db: CNNVD
id: CNNVD-202003-809
date: 2020-03-12T00:00:00

db: NVD
id: CVE-2019-19003
date: 2020-04-02T20:15:14.097