CVE-2019-5620 — CRITICAL (9.8)

Vulnerability Description

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachienergy	Microscada Pro Sys600	9.3
Microsoft	Windows 7	-
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-306

References

https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_execThird Party Advisory
https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_execThird Party Advisory

FAQ

What is CVE-2019-5620?

CVE-2019-5620 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

How severe is CVE-2019-5620?

CVE-2019-5620 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-5620?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Microscada Pro Sys600, Microsoft Windows 7, Microsoft Windows Xp.