Lucene search

ABBCVELIST:CVE-2019-18998

HistoryFeb 17, 2020 - 6:40 p.m.

CVE-2019-18998 Asset Suite Direct Object Reference Access

2020-02-1718:40:38

CWE-284

ABB

www.cve.org

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource’s URL can access the resource directly.

CNA Affected

[
  {
    "product": "Asset Suite",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "9.0 to 9.3"
      },
      {
        "status": "affected",
        "version": "9.4 prior to 9.4.2.6"
      },
      {
        "status": "affected",
        "version": "9.5 prior to 9.5.3.2"
      },
      {
        "status": "affected",
        "version": "9.6.0"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch

www.us-cert.gov/ics/advisories/icsa-20-072-02

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for CVELIST:CVE-2019-18998