CVE-2019-19509

Current Description

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Basic Data

Published: February 17, 2020
Last Modified: March 12, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CVE-2014-8370
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.5
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version  Part  Vendor  Product  Version  Update  Edition  Language  SW Edition  Target SW  Target HW  Other  Version Start Including  Version End Including  Version Start Excluding  Version End Excluding
    2.3  Application  Abb  Asset Suite  *  *  *  *  *  *  *  *  9.0.0  9.4.2.6
    2.3  Application  Abb  Asset Suite  *  *  *  *  *  *  *  *  9.5.0  9.5.3.2
    2.3  Application  Abb  Asset Suite  9.6.0  *  *  *  *  *  *  *

Vulnerable Software List

Vendor  Product  Versions
Abb  Asset Suite  *, 9.6.0

References

Name  Source  URL  Tags
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch  https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPart  CONFIRM  Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-072-02  https://www.us-cert.gov/ics/advisories/icsa-20-072-02  MISC