Main Vulnerability Database Vulnerabilities #VU26066

External Control of Critical State Data in eSOMS - CVE-2019-19092

Published: March 13, 2020

Vulnerability identifier: #VU26066

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-19092

CWE-ID: CWE-642

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ABB

Affected software:
eSOMS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform some alternations in the target system.

The vulnerability exists due to the affected software uses ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.

How to mitigate CVE-2019-19092

Install updates from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/icsa-20-072-01
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

External Control of Critical State Data in eSOMS - CVE-2019-19092

Detailed vulnerability description

How to mitigate CVE-2019-19092

Sources

Please verify you're human