ID

VAR-202004-0856


CVE

CVE-2019-19091


TITLE

Information leakage vulnerability in ABB eSOMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-015256

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to specifically craft an attack. There is an information leakage vulnerability in ABB eSOMS. Information may be obtained. ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from network system or product configuration errors during operation.

Trust: 2.61

sources: NVD: CVE-2019-19091 // JVNDB: JVNDB-2019-015256 // CNVD: CNVD-2020-17169 // IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e // IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb // VULHUB: VHN-151503

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e // IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb // CNVD: CNVD-2020-17169

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lte, version: 6.0.3

Trust: 1.0

vendor: hitachienergy, model: esoms, scope: gte, version: 4.0

Trust: 1.0

vendor: abb, model: esoms, scope: eq, version: 4.0 to 6.0.3

Trust: 0.8

vendor: abb, model: esoms, scope: lte, version: <=6.0.3

Trust: 0.6

vendor: esoms, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e // IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb // CNVD: CNVD-2020-17169 // JVNDB: JVNDB-2019-015256 // NVD: CVE-2019-19091

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19091
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19091
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015256
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-17169
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-805
value: MEDIUM

Trust: 0.6

IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e
value: MEDIUM

Trust: 0.2

IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151503
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19091
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015256
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17169
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151503
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19091
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015256
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e // IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb // CNVD: CNVD-2020-17169 // VULHUB: VHN-151503 // JVNDB: JVNDB-2019-015256 // CNNVD: CNNVD-202003-805 // NVD: CVE-2019-19091 // NVD: CVE-2019-19091

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

problemtype:CWE-202

Trust: 1.0

sources: VULHUB: VHN-151503 // JVNDB: JVNDB-2019-015256 // NVD: CVE-2019-19091

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-805

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-805

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015256

PATCH

title: ABBVU-PGGA-2018035
url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17169)
url: https://www.cnvd.org.cn/patchInfo/show/208959

Trust: 0.6

title: ABB eSOMS Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112322

Trust: 0.6

sources: CNVD: CNVD-2020-17169 // JVNDB: JVNDB-2019-015256 // CNNVD: CNNVD-202003-805

EXTERNAL IDS

db: NVD, id: CVE-2019-19091

Trust: 3.5

db: ICS CERT, id: ICSA-20-072-01

Trust: 2.0

db: CNVD, id: CNVD-2020-17169

Trust: 1.1

db: CNNVD, id: CNNVD-202003-805

Trust: 1.1

db: JVNDB, id: JVNDB-2019-015256

Trust: 0.8

db: AUSCERT, id: ESB-2020.0929

Trust: 0.6

db: IVD, id: 5F6157C0-9364-49C7-8195-32FEF00C5E5E

Trust: 0.2

db: IVD, id: 5865C71B-BC17-4D05-A1EA-EC4FF57AD2EB

Trust: 0.2

db: VULHUB, id: VHN-151503

Trust: 0.1

sources: IVD: 5f6157c0-9364-49c7-8195-32fef00c5e5e // IVD: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb // CNVD: CNVD-2020-17169 // VULHUB: VHN-151503 // JVNDB: JVNDB-2019-015256 // CNNVD: CNNVD-202003-805 // NVD: CVE-2019-19091

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19091

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19091

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-17169 // VULHUB: VHN-151503 // JVNDB: JVNDB-2019-015256 // CNNVD: CNNVD-202003-805 // NVD: CVE-2019-19091

SOURCES

db: IVD, id: 5f6157c0-9364-49c7-8195-32fef00c5e5e
db: IVD, id: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb
db: CNVD, id: CNVD-2020-17169
db: VULHUB, id: VHN-151503
db: JVNDB, id: JVNDB-2019-015256
db: CNNVD, id: CNNVD-202003-805
db: NVD, id: CVE-2019-19091

LAST UPDATE DATE

2024-11-23T21:35:54.893000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-17169, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151503, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015256, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-805, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2019-19091, date: 2024-11-21T04:34:11.033

SOURCES RELEASE DATE

db: IVD, id: 5f6157c0-9364-49c7-8195-32fef00c5e5e, date: 2020-03-12T00:00:00
db: IVD, id: 5865c71b-bc17-4d05-a1ea-ec4ff57ad2eb, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-17169, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151503, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015256, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-805, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19091, date: 2020-04-02T20:15:14.817