cvelistv5 - CVE-2019-5620

CVE-2019-5620 (GCVE-0-2019-5620)

Vulnerability from cvelistv5

Published

2020-04-29 22:15

Modified

2024-09-17 03:28

Severity ?

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

References

URL

	Vendor	Product	Version
	ABB	MicroSCADA Pro SYS600	Version: 9.3

gsd-2019-5620

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Aliases

CVE-2019-5620

Aliases

CVE-2019-5620

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5620",
    "description": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
    "id": "GSD-2019-5620"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5620"
      ],
      "details": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
      "id": "GSD-2019-5620",
      "modified": "2023-12-13T01:23:56.730655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "",
        "ASSIGNER": "cve@rapid7.com",
        "DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
        "ID": "CVE-2019-5620",
        "STATE": "PUBLIC",
        "TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MicroSCADA Pro SYS600",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "=",
                          "version_name": "",
                          "version_value": "9.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ABB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
        }
      ],
      "generator": {
        "engine": "Tod\u0027s Junk Converter 0.0.2"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306: Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
            "refsource": "MISC",
            "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2019-5620"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-16T20:44Z",
      "publishedDate": "2020-04-29T23:15Z"
    }
  }
}

fkie_cve-2019-5620

Vulnerability from fkie_nvd

Published

2020-04-29 23:15

Modified

2024-11-21 04:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

References

	URL	Tags
	cve@rapid7.com	https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec	Third Party Advisory

Impacted products

Vendor	Product	Version
hitachienergy	microscada_pro_sys600	9.3
microsoft	windows_7	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0577CAD7-1C5C-40D6-B20B-56F532642583",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
    },
    {
      "lang": "es",
      "value": "ABB MicroSCADA Pro SYS600 versi\u00f3n 9.3, sufre de una instancia CWE-306: Falta de Autenticaci\u00f3n para una Funci\u00f3n Cr\u00edtica."
    }
  ],
  "id": "CVE-2019-5620",
  "lastModified": "2024-11-21T04:45:15.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-29T23:15:13.033",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.

ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "microscada pro sys600",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "abb",
        "version": "9.3"
      },
      {
        "model": "microscada pro sys600",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachienergy",
        "version": "9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "microscada pro sys600",
        "version": "9.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:abb:microscada_pro_sys600",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      }
    ]
  },
  "cve": "CVE-2019-5620",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-5620",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015512",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-27090",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5620",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015512",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5620",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015512",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-27090",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5620",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5620",
        "trust": 3.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "id": "VAR-202004-0657",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      }
    ],
    "trust": 1.75
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:02.248000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://new.abb.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-29T00:00:00",
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "date": "2020-05-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "date": "2020-04-29T23:15:13.033000",
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "date": "2020-05-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5620"
      },
      {
        "date": "2020-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015512"
      },
      {
        "date": "2020-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      },
      {
        "date": "2024-11-21T04:45:15.187000",
        "db": "NVD",
        "id": "CVE-2019-5620"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
      },
      {
        "db": "IVD",
        "id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2435"
      }
    ],
    "trust": 1.0
  }
}

cnvd-2020-27090

Vulnerability from cnvd

Title

ABB MicroSCADA Pro SYS600访问控制错误漏洞

Description

ABB MicroSCADA Pro SYS600是瑞士ABB公司的一套监控和数据采集软件。该软件主要用于变电站自动化、SCADA电气、配电管理应用程序和工业电源管理等。 ABB MicroSCADA Pro SYS600 9.3版本中存在访问控制错误漏洞，该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。目前没有详细漏洞细节提供。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://abbs.qsnx.net/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5620

Impacted products

Name
ABB MicroSCADA Pro SYS600 9.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5620"
    }
  },
  "description": "ABB MicroSCADA Pro SYS600\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u5957\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u53d8\u7535\u7ad9\u81ea\u52a8\u5316\u3001SCADA\u7535\u6c14\u3001\u914d\u7535\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u5de5\u4e1a\u7535\u6e90\u7ba1\u7406\u7b49\u3002\n\nABB MicroSCADA Pro SYS600 9.3\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://abbs.qsnx.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-27090",
  "openTime": "2020-05-08",
  "products": {
    "product": "ABB MicroSCADA Pro SYS600 9.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5620",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-30",
  "title": "ABB MicroSCADA Pro SYS600\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

ghsa-vf53-387h-6jj3

Vulnerability from github

Published

2022-05-24 17:16

Modified

2023-05-16 21:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-29T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.",
  "id": "GHSA-vf53-387h-6jj3",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T17:16:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5620"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-5620 (GCVE-0-2019-5620)

Vulnerability from cvelistv5

gsd-2019-5620

Vulnerability from gsd

fkie_cve-2019-5620

Vulnerability from fkie_nvd

var-202004-0657

Vulnerability from variot

cnvd-2020-27090

Vulnerability from cnvd

ghsa-vf53-387h-6jj3

Vulnerability from github

Tags

Sightings

Nomenclature