ID

VAR-202004-0861


CVE

CVE-2019-19096


TITLE

ABB eSOMS Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015248

DESCRIPTION

The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. ABB eSOMS contains an inadequate protection of credentials vulnerability. Information may be obtained and tampered with. ABB eSOMS is a factory operation management system from the Swiss company ABB. ABB eSOMS has an information disclosure vulnerability that an attacker can use to obtain sensitive information.

Trust: 2.61

sources: NVD: CVE-2019-19096 // JVNDB: JVNDB-2019-015248 // CNVD: CNVD-2020-17172 // IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // VULHUB: VHN-151508

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 1.0

sources: IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // CNVD: CNVD-2020-17172

AFFECTED PRODUCTS

vendor: hitachienergy model: esoms scope: gte version: 6.0

Trust: 1.0

vendor: hitachienergy model: esoms scope: lte version: 6.0.2

Trust: 1.0

vendor: abb model: esoms scope: eq version: 6.0 to 6.0.2

Trust: 0.8

vendor: abb model: esoms scope: - version: -

Trust: 0.6

vendor: esoms model: - scope: eq version: *

Trust: 0.4

sources: IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // CNVD: CNVD-2020-17172 // JVNDB: JVNDB-2019-015248 // NVD: CVE-2019-19096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19096
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19096
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015248
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-17172
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-795
value: MEDIUM

Trust: 0.6

IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66
value: MEDIUM

Trust: 0.2

IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151508
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-19096
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015248
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17172
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151508
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19096
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015248
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // CNVD: CNVD-2020-17172 // VULHUB: VHN-151508 // JVNDB: JVNDB-2019-015248 // CNNVD: CNNVD-202003-795 // NVD: CVE-2019-19096 // NVD: CVE-2019-19096

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.9

problemtype:CWE-257

Trust: 1.0

sources: VULHUB: VHN-151508 // JVNDB: JVNDB-2019-015248 // NVD: CVE-2019-19096

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-795

TYPE

other

Trust: 1.0

sources: IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // CNNVD: CNNVD-202003-795

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015248

PATCH

title: ABBVU-PGGA-2018035 url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB eSOMS Information Disclosure Vulnerability (CNVD-2020-17172) url: https://www.cnvd.org.cn/patchInfo/show/208953

Trust: 0.6

title: ABB eSOMS Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112310

Trust: 0.6

sources: CNVD: CNVD-2020-17172 // JVNDB: JVNDB-2019-015248 // CNNVD: CNNVD-202003-795

EXTERNAL IDS

db: NVD id: CVE-2019-19096

Trust: 3.5

db: ICS CERT id: ICSA-20-072-01

Trust: 2.0

db: CNVD id: CNVD-2020-17172

Trust: 1.1

db: CNNVD id: CNNVD-202003-795

Trust: 1.0

db: JVNDB id: JVNDB-2019-015248

Trust: 0.8

db: AUSCERT id: ESB-2020.0929

Trust: 0.6

db: IVD id: 798258FB-844E-4E7B-B6D9-0B8A76988A66

Trust: 0.2

db: IVD id: 6494B1E2-A483-4DB1-A27A-DCD10EA046ED

Trust: 0.2

db: VULHUB id: VHN-151508

Trust: 0.1

sources: IVD: 798258fb-844e-4e7b-b6d9-0b8a76988a66 // IVD: 6494b1e2-a483-4db1-a27a-dcd10ea046ed // CNVD: CNVD-2020-17172 // VULHUB: VHN-151508 // JVNDB: JVNDB-2019-015248 // CNNVD: CNNVD-202003-795 // NVD: CVE-2019-19096

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19096

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19096

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0929/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-17172 // VULHUB: VHN-151508 // JVNDB: JVNDB-2019-015248 // CNNVD: CNNVD-202003-795 // NVD: CVE-2019-19096

SOURCES

db: IVD id: 798258fb-844e-4e7b-b6d9-0b8a76988a66
db: IVD id: 6494b1e2-a483-4db1-a27a-dcd10ea046ed
db: CNVD id: CNVD-2020-17172
db: VULHUB id: VHN-151508
db: JVNDB id: JVNDB-2019-015248
db: CNNVD id: CNNVD-202003-795
db: NVD id: CVE-2019-19096

LAST UPDATE DATE

2024-11-23T21:35:55.047000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-17172 date: 2020-03-15T00:00:00
db: VULHUB id: VHN-151508 date: 2020-04-03T00:00:00
db: JVNDB id: JVNDB-2019-015248 date: 2020-06-24T00:00:00
db: CNNVD id: CNNVD-202003-795 date: 2020-04-07T00:00:00
db: NVD id: CVE-2019-19096 date: 2024-11-21T04:34:11.627

SOURCES RELEASE DATE

db: IVD id: 798258fb-844e-4e7b-b6d9-0b8a76988a66 date: 2020-03-12T00:00:00
db: IVD id: 6494b1e2-a483-4db1-a27a-dcd10ea046ed date: 2020-03-12T00:00:00
db: CNVD id: CNVD-2020-17172 date: 2020-03-15T00:00:00
db: VULHUB id: VHN-151508 date: 2020-04-02T00:00:00
db: JVNDB id: JVNDB-2019-015248 date: 2020-04-21T00:00:00
db: CNNVD id: CNNVD-202003-795 date: 2020-03-12T00:00:00
db: NVD id: CVE-2019-19096 date: 2020-04-02T20:15:15.143