Vulnerability Description
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Asset Suite | >= 9.0.0, <= 9.3.0 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageVendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-20-072-02Third Party AdvisoryUS Government Resource
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageVendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-20-072-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-18998?
CVE-2019-18998 is a vulnerability with a CVSS score of 7.1 (HIGH). Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An att...
How severe is CVE-2019-18998?
CVE-2019-18998 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18998?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Asset Suite.