Details of VAR-202106-1440

ID

VAR-202106-1440

CVE

CVE-2021-26845

TITLE

Hitachi ABB Power Grids eSOMS Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012369

DESCRIPTION

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a set of factory operation management system of Swiss ABB company

Trust: 1.71

sources: NVD: CVE-2021-26845 // JVNDB: JVNDB-2021-012369 // VULHUB: VHN-386007

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	esoms	scope:	gte	version:	6.0	Trust: 1.0
vendor:	hitachienergy	model:	esoms	scope:	lt	version:	6.1.4	Trust: 1.0
vendor:	hitachienergy	model:	esoms	scope:	gte	version:	6.1	Trust: 1.0
vendor:	hitachienergy	model:	esoms	scope:	lt	version:	6.0.4.2.2	Trust: 1.0
vendor:	abb	model:	esoms	scope:	eq	version:	-	Trust: 0.8
vendor:	abb	model:	esoms	scope:	eq	version:	6.0 that's all 6.0.4.2.2	Trust: 0.8
vendor:	abb	model:	esoms	scope:	eq	version:	6.1 that's all 6.1.4	Trust: 0.8
vendor:	abb	model:	esoms	scope:	eq	version:	6.3	Trust: 0.8

sources: JVNDB: JVNDB-2021-012369 // NVD: CVE-2021-26845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26845
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-26845
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-26845
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-1168
value:	HIGH
Trust: 0.6
VULHUB:	VHN-386007
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26845
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-386007
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26845
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-012369
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-386007 // JVNDB: JVNDB-2021-012369 // CNNVD: CNNVD-202103-1168 // NVD: CVE-2021-26845 // NVD: CVE-2021-26845

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-386007 // JVNDB: JVNDB-2021-012369 // NVD: CVE-2021-26845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1168

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202103-1168

PATCH

title:	eSOMS Report Function Vulnerability	url:	https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942&LanguageCode=en&DocumentPartId=&Action=Launch	Trust: 0.8
title:	ABB eSOMS Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144710	Trust: 0.6

sources: JVNDB: JVNDB-2021-012369 // CNNVD: CNNVD-202103-1168

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26845	Trust: 3.3
db:	ICS CERT	id:	ICSA-21-077-02	Trust: 1.4
db:	JVN	id:	JVNVU96655623	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-012369	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0971	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1168	Trust: 0.6
db:	VULHUB	id:	VHN-386007	Trust: 0.1

sources: VULHUB: VHN-386007 // JVNDB: JVNDB-2021-012369 // CNNVD: CNNVD-202103-1168 // NVD: CVE-2021-26845

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=9akk107991a8942&languagecode=en&documentpartid=&action=launch	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96655623/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26845	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0971	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=9akk107991a8942&languagecode=en&documentpartid=&action=launch	Trust: 0.1

sources: VULHUB: VHN-386007 // JVNDB: JVNDB-2021-012369 // CNNVD: CNNVD-202103-1168 // NVD: CVE-2021-26845

SOURCES

db:	VULHUB	id:	VHN-386007
db:	JVNDB	id:	JVNDB-2021-012369
db:	CNNVD	id:	CNNVD-202103-1168
db:	NVD	id:	CVE-2021-26845

LAST UPDATE DATE

2024-08-14T14:20:24.290000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-386007	date:	2021-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-012369	date:	2022-08-30T04:56:00
db:	CNNVD	id:	CNNVD-202103-1168	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2021-26845	date:	2023-05-16T20:21:29.777

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-386007	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-012369	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202103-1168	date:	2021-03-18T00:00:00
db:	NVD	id:	CVE-2021-26845	date:	2021-06-14T22:15:08.550