ID

VAR-202004-0860


CVE

CVE-2019-19095


TITLE

ABB eSOMS Cross-Site Scripting Vulnerability

Trust: 1.6

sources: IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // CNVD: CNVD-2020-17171 // CNNVD: CNNVD-202003-799

DESCRIPTION

Lack of adequate input/output validation in ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. A cross-site scripting vulnerability exists in ABB eSOMS. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB. The vulnerability stems from the web application's lack of proper verification of client data. Attackers can use this vulnerability to execute client-side code.

Trust: 2.61

sources: NVD: CVE-2019-19095 // JVNDB: JVNDB-2019-015245 // CNVD: CNVD-2020-17171 // IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // VULHUB: VHN-151507

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // CNVD: CNVD-2020-17171

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lte, version: 6.0.2

Trust: 1.0

vendor: hitachienergy, model: esoms, scope: gte, version: 4.0

Trust: 1.0

vendor: abb, model: esoms, scope: eq, version: 4.0 to 6.0.2

Trust: 0.8

vendor: abb, model: esoms, scope: lte, version: <=6.0.2

Trust: 0.6

vendor: esoms, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // CNVD: CNVD-2020-17171 // JVNDB: JVNDB-2019-015245 // NVD: CVE-2019-19095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19095
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19095
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015245
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-17171
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-799
value: MEDIUM

Trust: 0.6

IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954
value: MEDIUM

Trust: 0.2

IVD: 31776109-1203-4caf-b9d6-c8078168a94d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151507
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-19095
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015245
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17171
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 31776109-1203-4caf-b9d6-c8078168a94d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151507
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19095
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015245
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // CNVD: CNVD-2020-17171 // VULHUB: VHN-151507 // JVNDB: JVNDB-2019-015245 // CNNVD: CNNVD-202003-799 // NVD: CVE-2019-19095 // NVD: CVE-2019-19095

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-151507 // JVNDB: JVNDB-2019-015245 // NVD: CVE-2019-19095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-799

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-799

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015245

PATCH

title: ABBVU-PGGA-2018035, url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/208955

Trust: 0.6

title: ABB eSOMS Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112314

Trust: 0.6

sources: CNVD: CNVD-2020-17171 // JVNDB: JVNDB-2019-015245 // CNNVD: CNNVD-202003-799

EXTERNAL IDS

db: NVD, id: CVE-2019-19095

Trust: 3.5

db: ICS CERT, id: ICSA-20-072-01

Trust: 2.0

db: CNVD, id: CNVD-2020-17171

Trust: 1.1

db: CNNVD, id: CNNVD-202003-799

Trust: 1.1

db: JVNDB, id: JVNDB-2019-015245

Trust: 0.8

db: AUSCERT, id: ESB-2020.0929

Trust: 0.6

db: IVD, id: 8A7ABFC8-13A1-4324-8D1B-8FEE43EC6954

Trust: 0.2

db: IVD, id: 31776109-1203-4CAF-B9D6-C8078168A94D

Trust: 0.2

db: VULHUB, id: VHN-151507

Trust: 0.1

sources: IVD: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954 // IVD: 31776109-1203-4caf-b9d6-c8078168a94d // CNVD: CNVD-2020-17171 // VULHUB: VHN-151507 // JVNDB: JVNDB-2019-015245 // CNNVD: CNNVD-202003-799 // NVD: CVE-2019-19095

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19095

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19095

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-17171 // VULHUB: VHN-151507 // JVNDB: JVNDB-2019-015245 // CNNVD: CNNVD-202003-799 // NVD: CVE-2019-19095

SOURCES

db: IVD, id: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954
db: IVD, id: 31776109-1203-4caf-b9d6-c8078168a94d
db: CNVD, id: CNVD-2020-17171
db: VULHUB, id: VHN-151507
db: JVNDB, id: JVNDB-2019-015245
db: CNNVD, id: CNNVD-202003-799
db: NVD, id: CVE-2019-19095

LAST UPDATE DATE

2024-11-23T21:35:54.817000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-17171, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151507, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-015245, date: 2020-06-24T00:00:00
db: CNNVD, id: CNNVD-202003-799, date: 2020-04-10T00:00:00
db: NVD, id: CVE-2019-19095, date: 2024-11-21T04:34:11.510

SOURCES RELEASE DATE

db: IVD, id: 8a7abfc8-13a1-4324-8d1b-8fee43ec6954, date: 2020-03-12T00:00:00
db: IVD, id: 31776109-1203-4caf-b9d6-c8078168a94d, date: 2020-03-12T00:00:00
db: CNVD, id: CNVD-2020-17171, date: 2020-03-15T00:00:00
db: VULHUB, id: VHN-151507, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015245, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-799, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-19095, date: 2020-04-02T20:15:15.067