CVE-2019-19092

CWE-16CWE-306Missing Authentication3 documents3 sources
Severity
3.5LOW
EPSS
0.2%
top 57.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hitachienergy EsomsABB Esoms
Timeline
PublishedApr 2
Latest updateMay 24

Description

ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

NVDhitachienergy/esoms4.06.0.3
CVEListV5abb/esoms4.0 to 6.0.3

🔴Vulnerability Details

2
GHSA
GHSA-qwpj-549m-7v5q: ABB eSOMS versions 42022-05-24
CVEList
ABB eSOMS: Viewstate without MAC Signature2020-04-02
CVE-2019-19092 (LOW CVSS 3.5) | ABB eSOMS versions 4.0 to 6.0.3 use | cvebase.io