var-202004-0657
Vulnerability from variot
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management.
ABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.5,
"vendor": "abb",
"version": "9.3"
},
{
"model": "microscada pro sys600",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "microscada pro sys600",
"version": "9.3"
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:microscada_pro_sys600",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"cve": "CVE-2019-5620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5620",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-27090",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5620",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015512",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-015512",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-27090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. (DoS) It may be put into a state. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software of Swiss ABB company. The software is mainly used for substation automation, SCADA electrical, distribution management applications and industrial power management. \n\r\n\r\nABB MicroSCADA Pro SYS600 version 9.3 has an access control error vulnerability, which originated from a network system or product incorrectly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5620",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2020-27090",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512",
"trust": 0.8
},
{
"db": "IVD",
"id": "D5816D51-DD65-4B53-A03D-B5A77883386C",
"trust": 0.2
},
{
"db": "IVD",
"id": "BAA1C90A-C3BD-4764-9EA3-66A131059A14",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5620",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"id": "VAR-202004-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
],
"trust": 1.75
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
}
]
},
"last_update_date": "2024-11-23T22:48:02.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"date": "2020-04-29T00:00:00",
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2020-04-29T23:15:13.033000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5620"
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015512"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2435"
},
{
"date": "2024-11-21T04:45:15.187000",
"db": "NVD",
"id": "CVE-2019-5620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB MicroSCADA Pro SYS600 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNVD",
"id": "CNVD-2020-27090"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "d5816d51-dd65-4b53-a03d-b5a77883386c"
},
{
"db": "IVD",
"id": "baa1c90a-c3bd-4764-9ea3-66a131059a14"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2435"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…