Vulnerability Details CVE-2019-18998
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 5.5
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
- https://www.us-cert.gov/ics/advisories/icsa-20-072-02
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
- https://www.us-cert.gov/ics/advisories/icsa-20-072-02
Products affected by CVE-2019-18998
-
cpe:2.3:a:hitachienergy:asset_suite:*
-
cpe:2.3:a:hitachienergy:asset_suite:9.0.0
-
cpe:2.3:a:hitachienergy:asset_suite:9.5.0
-
cpe:2.3:a:hitachienergy:asset_suite:9.6.0