CVE-2019-18998

Sažetak

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Reference

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.us-cert.gov/ics/advisories/icsa-20-072-02

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

16-05-2023 - 20:06

Objavljeno

17-02-2020 - 19:15