Vulnerabilities related to ABB - MicroSCADA Pro SYS600
var-202211-1392
Vulnerability from variot
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can achieve administrator-level remote code execution irrespective of that user's role. ABB MicroSCADA Pro SYS600 is a monitoring and data acquisition software suite from ABB in Switzerland. The software is mainly used in substation automation, electrical SCADA, power distribution management applications, and industrial power management. An attacker could exploit this vulnerability to execute code remotely. Although this description says "remote", the CVSS 3.1 vectors in the record below score the attack vector as local (AV:L) with low privileges required (PR:L), and the record's threat type is "local".
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1392", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.3" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.2.1" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.1.1" }, { 
"model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.2" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.0" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.4" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.3" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.3.1" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.1" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.1" }, { "model": "microscada x sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "10.4" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.2" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 0.6, "vendor": "abb", "version": "9.4" }, { "model": "microscada pro sys600 9.4:fixpack 1", "scope": null, "trust": 0.6, "vendor": "abb", "version": null }, { "model": "microscada pro sys600 9.4:fixpack 2", "scope": null, "trust": 0.6, "vendor": "abb", "version": null }, { "model": "microscada pro sys600", "scope": "lte", "trust": 0.6, "vendor": "abb", "version": "\u003c=9.3" }, { "model": "microscada pro sys600", "scope": "gte", "trust": 0.6, "vendor": "abb", "version": "10.0,\u003c=10.4" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "NVD", "id": "CVE-2022-3388" } ] }, "cve": "CVE-2022-3388", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2022-86331", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-3388", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "cybersecurity@hitachienergy.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.0, "id": "CVE-2022-3388", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-3388", "trust": 1.0, "value": "HIGH" }, { "author": "cybersecurity@hitachienergy.com", "id": "CVE-2022-3388", 
"trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-86331", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-3240", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "db": "NVD", "id": "CVE-2022-3388" }, { "db": "NVD", "id": "CVE-2022-3388" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\n\n\nAn input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. 
An attacker could exploit this vulnerability to execute code remotely", "sources": [ { "db": "NVD", "id": "CVE-2022-3388" }, { "db": "CNVD", "id": "CNVD-2022-86331" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3388", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2022-86331", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-3240", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "db": "NVD", "id": "CVE-2022-3388" } ] }, "id": "VAR-202211-1392", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" } ], "trust": 1.35 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" } ] }, "last_update_date": "2024-08-14T15:16:21.725000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for ABB MicroSCADA Pro SYS600 Code Execution Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/367091" }, { "title": "ABB MicroSCADA Pro SYS600 Enter the fix for the verification error vulnerability", "trust": 0.6, "url": 
"http://123.124.177.30/web/xxk/bdxqById.tag?id=215569" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "CNNVD", "id": "CNNVD-202211-3240" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-3388" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://search.abb.com/library/download.aspx?documentid=8dbd000123\u0026languagecode=en\u0026documentpartid=\u0026action=launch\u0026elqaid=4293\u0026elqat=1" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3388/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "db": "NVD", "id": "CVE-2022-3388" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-86331" }, { "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "db": "NVD", "id": "CVE-2022-3388" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-07T00:00:00", "db": "CNVD", "id": "CNVD-2022-86331" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "date": "2022-11-21T19:15:13.353000", "db": "NVD", "id": "CVE-2022-3388" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-09T00:00:00", "db": "CNVD", "id": "CNVD-2022-86331" }, { "date": 
"2022-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3240" }, { "date": "2023-10-19T05:15:58.283000", "db": "NVD", "id": "CVE-2022-3388" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3240" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ABB MicroSCADA Pro SYS600 Code Execution Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-86331" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3240" } ], "trust": 0.6 } }
var-202004-0657
Vulnerability from variot
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. The product may be put into a denial-of-service (DoS) state. ABB MicroSCADA Pro SYS600 is a monitoring and data acquisition software suite from the Swiss company ABB. The software is mainly used for substation automation, electrical SCADA, distribution management applications, and industrial power management.
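ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originates from the network system or product not correctly restricting access to resources from unauthorized roles. No further details of the vulnerability are currently available from this source. The record below nonetheless carries a CVSS 3.1 base score of 9.8 (network attack vector, no privileges required) and lists a public exploit module among its references.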
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "microscada pro sys600", "scope": "eq", "trust": 1.5, "vendor": "abb", "version": "9.3" }, { "model": "microscada pro sys600", "scope": "eq", "trust": 1.0, "vendor": "hitachienergy", "version": "9.3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": 
"microscada pro sys600", "version": "9.3" } ], "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "VULMON", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:abb:microscada_pro_sys600", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015512" } ] }, "cve": "CVE-2019-5620", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-5620", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", 
"accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-015512", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-27090", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d5816d51-dd65-4b53-a03d-b5a77883386c", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-5620", "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-015512", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-5620", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2019-015512", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-27090", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202004-2435", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-5620", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "VULMON", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. 
(DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available", "sources": [ { "db": "NVD", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "VULMON", "id": "CVE-2019-5620" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-5620", "trust": 3.5 }, { "db": "CNVD", "id": "CNVD-2020-27090", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-202004-2435", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-015512", "trust": 0.8 }, { "db": "IVD", "id": "D5816D51-DD65-4B53-A03D-B5A77883386C", "trust": 0.2 }, { "db": "IVD", "id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2019-5620", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "VULMON", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "id": "VAR-202004-0657", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" } ], "trust": 1.75 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" } ] }, "last_update_date": "2024-11-23T22:48:02.248000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://new.abb.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015512" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" }, { "trust": 2.0, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-5620" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/306.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "VULMON", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "VULMON", "id": "CVE-2019-5620" }, { "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "db": "NVD", "id": "CVE-2019-5620" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-29T00:00:00", "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "date": "2020-04-29T00:00:00", "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "date": "2020-05-08T00:00:00", "db": "CNVD", "id": "CNVD-2020-27090" }, { "date": "2020-04-29T00:00:00", "db": "VULMON", "id": "CVE-2019-5620" }, { "date": "2020-05-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "date": "2020-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "date": "2020-04-29T23:15:13.033000", "db": "NVD", "id": "CVE-2019-5620" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-08T00:00:00", "db": "CNVD", "id": "CNVD-2020-27090" }, { "date": "2020-05-06T00:00:00", "db": "VULMON", "id": "CVE-2019-5620" }, { 
"date": "2020-05-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015512" }, { "date": "2020-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2435" }, { "date": "2024-11-21T04:45:15.187000", "db": "NVD", "id": "CVE-2019-5620" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2435" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability", "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNVD", "id": "CNVD-2020-27090" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" } ], "trust": 1.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access control error", "sources": [ { "db": "IVD", "id": "d5816d51-dd65-4b53-a03d-b5a77883386c" }, { "db": "IVD", "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14" }, { "db": "CNNVD", "id": "CNNVD-202004-2435" } ], "trust": 1.0 } }
CVE-2019-5620 (GCVE-0-2019-5620)
Vulnerability from cvelistv5
- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| ABB | MicroSCADA Pro SYS600 | 9.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:01:51.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MicroSCADA Pro SYS600", "vendor": "ABB", "versions": [ { "status": "affected", "version": "9.3" } ] } ], "datePublic": "2013-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function." } ], "exploits": [ { "lang": "en", "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T22:15:27", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" } ], "title": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function", "x_generator": { "engine": "Tod\u0027s Junk Converter 0.0.2" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2013-04-05T00:00:00.000Z", "ID": "CVE-2019-5620", "STATE": "PUBLIC", "TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MicroSCADA Pro SYS600", "version": { "version_data": [ { "platform": "", "version_affected": "=", "version_name": "", "version_value": "9.3" } ] } } ] }, "vendor_name": "ABB" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function." } ] }, "exploit": [ { "lang": "en", "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" } ], "generator": { "engine": "Tod\u0027s Junk Converter 0.0.2" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-306: Missing Authentication for Critical Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec", "refsource": "MISC", "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec" } ] } } } }, "cveMetadata": { "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5620", "datePublished": "2020-04-29T22:15:27.966812Z", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-09-17T03:28:34.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }