Sign-up

ID

VAR-202004-0868


CVE

CVE-2019-19089


TITLE

ABB eSOMS Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015254

DESCRIPTION

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. ABB eSOMS There is an injection vulnerability in.Information may be obtained and tampered with. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company. The vulnerability stems from the lack of X-Content-Type-Options header in the HTTP response. An attacker can use this vulnerability to execute unauthorized code

Trust: 2.61

sources: NVD: CVE-2019-19089 // JVNDB: JVNDB-2019-015254 // CNVD: CNVD-2020-19567 // IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794 // IVD: 733edc59-907e-4d35-8ebb-75deadc436d1 // VULHUB: VHN-151500

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794 // IVD: 733edc59-907e-4d35-8ebb-75deadc436d1 // CNVD: CNVD-2020-19567

AFFECTED PRODUCTS

vendor:hitachienergymodel:esomsscope:lteversion:6.0.3

Trust: 1.0

vendor:hitachienergymodel:esomsscope:gteversion:4.0

Trust: 1.0

vendor:abbmodel:esomsscope:eqversion:4.0 から 6.0.3

Trust: 0.8

vendor:abbmodel:esomsscope:lteversion:<=6.0.2

Trust: 0.6

vendor:esomsmodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794 // IVD: 733edc59-907e-4d35-8ebb-75deadc436d1 // CNVD: CNVD-2020-19567 // JVNDB: JVNDB-2019-015254 // NVD: CVE-2019-19089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19089
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19089
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015254
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19567
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-807
value: MEDIUM

Trust: 0.6

IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794
value: MEDIUM

Trust: 0.2

IVD: 733edc59-907e-4d35-8ebb-75deadc436d1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151500
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19089
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015254
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19567
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 733edc59-907e-4d35-8ebb-75deadc436d1
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151500
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19089
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015254
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794 // IVD: 733edc59-907e-4d35-8ebb-75deadc436d1 // CNVD: CNVD-2020-19567 // VULHUB: VHN-151500 // JVNDB: JVNDB-2019-015254 // CNNVD: CNNVD-202003-807 // NVD: CVE-2019-19089 // NVD: CVE-2019-19089

PROBLEMTYPE DATA

problemtype:CWE-436

Trust: 1.1

problemtype:CWE-94

Trust: 1.1

problemtype:CWE-16

Trust: 1.0

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-151500 // JVNDB: JVNDB-2019-015254 // NVD: CVE-2019-19089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-807

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-807

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015254

PATCH
title:ABBVU-PGGA-2018035url:https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
title:Patch for ABB eSOMS has an unknown vulnerability (CNVD-2020-19567)url:https://www.cnvd.org.cn/patchInfo/show/211043
Trust: 0.6
title:ABB eSOMS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=112326
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19567 // 
            
            
            
            JVNDB: JVNDB-2019-015254 // 
            
            
            
            CNNVD: CNNVD-202003-807

EXTERNAL IDS
db:NVDid:CVE-2019-19089
Trust: 3.5
db:ICS CERTid:ICSA-20-072-01
Trust: 2.0
db:CNVDid:CNVD-2020-19567
Trust: 1.1
db:CNNVDid:CNNVD-202003-807
Trust: 1.1
db:JVNDBid:JVNDB-2019-015254
Trust: 0.8
db:AUSCERTid:ESB-2020.0929
Trust: 0.6
db:IVDid:9F1A70B1-8EF2-4562-83A9-AC88340B0794
Trust: 0.2
db:IVDid:733EDC59-907E-4D35-8EBB-75DEADC436D1
Trust: 0.2
db:VULHUBid:VHN-151500
Trust: 0.1
sources:
            
            
            IVD: 9f1a70b1-8ef2-4562-83a9-ac88340b0794 // 
            
            
            
            IVD: 733edc59-907e-4d35-8ebb-75deadc436d1 // 
            
            
            
            CNVD: CNVD-2020-19567 // 
            
            
            
            VULHUB: VHN-151500 // 
            
            
            
            JVNDB: JVNDB-2019-015254 // 
            
            
            
            CNNVD: CNNVD-202003-807 // 
            
            
            
            NVD: CVE-2019-19089

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-072-01
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&languagecode=en&documentpartid=&action=launch
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-19089
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19089
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0929/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=9akk107492a9964&amp;languagecode=en&amp;documentpartid=&amp;action=launch
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-19567 // 
            
            
            
            VULHUB: VHN-151500 // 
            
            
            
            JVNDB: JVNDB-2019-015254 // 
            
            
            
            CNNVD: CNNVD-202003-807 // 
            
            
            
            NVD: CVE-2019-19089

SOURCES
db:IVDid:9f1a70b1-8ef2-4562-83a9-ac88340b0794
db:IVDid:733edc59-907e-4d35-8ebb-75deadc436d1
db:CNVDid:CNVD-2020-19567
db:VULHUBid:VHN-151500
db:JVNDBid:JVNDB-2019-015254
db:CNNVDid:CNNVD-202003-807
db:NVDid:CVE-2019-19089

LAST UPDATE DATE
2024-11-23T21:35:58.716000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19567date:2020-03-26T00:00:00
db:VULHUBid:VHN-151500date:2020-10-19T00:00:00
db:JVNDBid:JVNDB-2019-015254date:2020-06-24T00:00:00
db:CNNVDid:CNNVD-202003-807date:2023-05-17T00:00:00
db:NVDid:CVE-2019-19089date:2024-11-21T04:34:10.793

SOURCES RELEASE DATE
db:IVDid:9f1a70b1-8ef2-4562-83a9-ac88340b0794date:2020-03-12T00:00:00
db:IVDid:733edc59-907e-4d35-8ebb-75deadc436d1date:2020-03-12T00:00:00
db:CNVDid:CNVD-2020-19567date:2020-03-26T00:00:00
db:VULHUBid:VHN-151500date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2019-015254date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202003-807date:2020-03-12T00:00:00
db:NVDid:CVE-2019-19089date:2020-04-02T20:15:14.423