ID

VAR-202004-0855


CVE

CVE-2019-19090


TITLE

ABB eSOMS Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015255

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. ABB eSOMS contains a vulnerability related to the lack of encryption of critical data. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. An attacker can use this vulnerability to obtain cookie information.

Trust: 2.61

sources: NVD: CVE-2019-19090 // JVNDB: JVNDB-2019-015255 // CNVD: CNVD-2020-19561 // IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // VULHUB: VHN-151502

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.0

sources: IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // CNVD: CNVD-2020-19561

AFFECTED PRODUCTS

vendor: hitachienergy
model: esoms
scope: lte
version: 6.0.2

Trust: 1.0

vendor: hitachienergy
model: esoms
scope: gte
version: 4.0

Trust: 1.0

vendor: abb
model: esoms
scope: eq
version: 4.0 to 6.0.2

Trust: 0.8

vendor: abb
model: esoms
scope: lte
version: <=6.0.2

Trust: 0.6

vendor: esoms
model: -
scope: eq
version: *

Trust: 0.4

sources: IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // CNVD: CNVD-2020-19561 // JVNDB: JVNDB-2019-015255 // NVD: CVE-2019-19090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19090
value: LOW

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19090
value: LOW

Trust: 1.0

NVD: JVNDB-2019-015255
value: LOW

Trust: 0.8

CNVD: CNVD-2020-19561
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-806
value: LOW

Trust: 0.6

IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479
value: LOW

Trust: 0.2

IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271
value: LOW

Trust: 0.2

VULHUB: VHN-151502
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-19090
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015255
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19561
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151502
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19090
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015255
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // CNVD: CNVD-2020-19561 // VULHUB: VHN-151502 // JVNDB: JVNDB-2019-015255 // CNNVD: CNNVD-202003-806 // NVD: CVE-2019-19090 // NVD: CVE-2019-19090

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

sources: VULHUB: VHN-151502 // JVNDB: JVNDB-2019-015255 // NVD: CVE-2019-19090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-806

TYPE

Configuration error

Trust: 1.0

sources: IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // CNNVD: CNNVD-202003-806

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015255

PATCH

title: ABBVU-PGGA-2018035
url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19561)
url: https://www.cnvd.org.cn/patchInfo/show/211045

Trust: 0.6

title: ABB eSOMS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112324

Trust: 0.6

sources: CNVD: CNVD-2020-19561 // JVNDB: JVNDB-2019-015255 // CNNVD: CNNVD-202003-806

EXTERNAL IDS

db: NVD
id: CVE-2019-19090

Trust: 3.5

db: ICS CERT
id: ICSA-20-072-01

Trust: 2.0

db: CNVD
id: CNVD-2020-19561

Trust: 1.1

db: CNNVD
id: CNNVD-202003-806

Trust: 1.1

db: JVNDB
id: JVNDB-2019-015255

Trust: 0.8

db: AUSCERT
id: ESB-2020.0929

Trust: 0.6

db: IVD
id: CD49A2ED-01DC-4E1E-AC5D-844ED81C8479

Trust: 0.2

db: IVD
id: 360F58FD-3BB0-4C6E-8F10-BD08EE40C271

Trust: 0.2

db: VULHUB
id: VHN-151502

Trust: 0.1

sources: IVD: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479 // IVD: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271 // CNVD: CNVD-2020-19561 // VULHUB: VHN-151502 // JVNDB: JVNDB-2019-015255 // CNNVD: CNNVD-202003-806 // NVD: CVE-2019-19090

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19090

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19090

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-19561 // VULHUB: VHN-151502 // JVNDB: JVNDB-2019-015255 // CNNVD: CNNVD-202003-806 // NVD: CVE-2019-19090

SOURCES

db: IVD, id: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479
db: IVD, id: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271
db: CNVD, id: CNVD-2020-19561
db: VULHUB, id: VHN-151502
db: JVNDB, id: JVNDB-2019-015255
db: CNNVD, id: CNNVD-202003-806
db: NVD, id: CVE-2019-19090

LAST UPDATE DATE

2024-11-23T21:35:55.007000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19561, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151502, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015255, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-806, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2019-19090, date: 2024-11-21T04:34:10.913

SOURCES RELEASE DATE

db: IVD, id: cd49a2ed-01dc-4e1e-ac5d-844ed81c8479, date: 2020-03-12T00:00:00
db: IVD, id: 360f58fd-3bb0-4c6e-8f10-bd08ee40c271, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-19561, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-151502, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015255, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-806, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19090, date: 2020-04-02T20:15:14.737