SB2020031314 - Multiple vulnerabilities in ABB eSOMS




Published: March 13, 2020

Security Bulletin ID: SB2020031314
Severity: Medium
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Cleartext storage of sensitive information (CVE-ID: CVE-2019-19096)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the Redis data structure component stores credentials in clear text. A local user can obtain credentials on the target system.


2) Stored cross-site scripting (CVE-ID: CVE-2019-19095)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Weak password requirements (CVE-ID: CVE-2019-19093)

The vulnerability allows an attacker to perform a brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can perform a brute-force attack and guess users' passwords.


4) External Control of Critical State Data (CVE-ID: CVE-2019-19092)

The vulnerability allows a remote attacker to perform some alterations in the target system.

The vulnerability exists because the affected software uses ASP.NET Viewstate without a Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.


5) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2019-19090)

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists because the affected software does not set the Secure attribute on authorization tokens or session cookies. A remote authenticated attacker can intercept the transmission and obtain information from the cookie in clear text.


6) Sensitive Cookie Without 'HttpOnly' Flag (CVE-ID: CVE-2019-19003)

The vulnerability allows a remote attacker to read the contents of a cookie and exfiltrate information obtained.

The vulnerability exists because the "HttpOnly" flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable cross-site scripting.


7) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2019-19002)

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists because the X-XSS-Protection HTTP response header is not set in responses from the web server. This can potentially allow browsers and proxies to cache sensitive information and might increase the risk of a cross-site scripting attack. A remote authenticated attacker can gain access to sensitive information.

8) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2019-19001)

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists because the X-Frame-Options header is not configured in the HTTP response. A remote attacker can perform a "ClickJacking" attack and frame parts of the application on a malicious website, revealing sensitive user information such as authentication credentials.
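
A defender-side check for the four cookie and response-header findings above (items 5 to 8), as an added example that is not ABB's code and not part of the original bulletin: it audits one HTTP response given as (name, value) header pairs. The function names and sample responses are constructed for illustration, and accepting a CSP frame-ancestors directive in place of X-Frame-Options is an assumption of this example.

```python
# Added example: audit one HTTP response for the findings in items 5-8.
# Headers are (name, value) pairs so repeated Set-Cookie lines are preserved.

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_response(headers, https=True):
    """Return sorted (bulletin item number, message) findings."""
    findings, single = [], {}
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            # Flags every cookie; narrow to session/auth cookies if desired.
            cname, attrs = cookie_attrs(value)
            if https and "secure" not in attrs:
                findings.append((5, f"cookie {cname}: no Secure attribute"))
            if "httponly" not in attrs:
                findings.append((6, f"cookie {cname}: no HttpOnly attribute"))
        else:
            single[key] = value
    if "x-xss-protection" not in single:
        findings.append((7, "X-XSS-Protection header not set"))
    # Assumption: CSP frame-ancestors also counts as a framing restriction.
    csp = single.get("content-security-policy", "").lower()
    if "x-frame-options" not in single and "frame-ancestors" not in csp:
        findings.append((8, "no X-Frame-Options or CSP frame-ancestors"))
    return sorted(findings)


# Constructed sample responses (not captured from eSOMS).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("X-XSS-Protection", "1; mode=block"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```

Running the same audit before and after applying the vendor update shows whether the four findings are closed on a given deployment.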


Remediation

Install the update from the vendor's website.