CVE-2019-18998
Summary
| CVE | CVE-2019-18998 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-17 19:15:00 UTC |
| Updated | 2023-05-16 20:06:00 UTC |
| Description | Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. |
Risk And Classification
Problem Types: CWE-639
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Abb | Asset Suite | All | All | All | All |
| Application | Abb | Asset Suite | 9.6.0 | All | All | All |
| Application | Abb | Asset Suite | All | All | All | All |
| Application | Abb | Asset Suite | 9.6.0 | All | All | All |
| Application | Abb | Asset Suite | All | All | All | All |
| Application | Hitachienergy | Asset Suite | All | All | All | All |
| Application | Hitachienergy | Asset Suite | 9.6.0 | All | All | All |
| Application | Hitachienergy | Asset Suite | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ABB Asset Suite | CISA | MISC | www.us-cert.gov | |
| search.abb.com/library/Download.aspx | CONFIRM | search.abb.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.