Vulnerability identifier: #VU26058
Vulnerability risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: N/A
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Asset Suite (Server applications / SCADA systems)
Vendor: ABB
Description
The vulnerability allows a remote user to gain unauthorized access to sensitive information in the application.
The vulnerability exists due to improper access controls used to limit user access to resources. A remote user who knows or has discovered the URL of a resource they do not have permission to access can reach that resource by browsing directly to the URL.
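The class of flaw described above, as an added illustration (not ABB's code and not taken from the advisory): a handler that only confirms the user is logged in, next to one that checks the requested path against the role's grants on every request. The roles, paths and function names are hypothetical.

```python
# Added illustration: hypothetical roles, paths and handlers, not ABB Asset Suite code.
import posixpath
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Constructed policy: role -> URL path patterns that role may open.
ROLE_GRANTS = {
    "planner": ["/workorders/*"],
    "finance": ["/workorders/*", "/invoices/*"],
}


def menu_links(role):
    """Links the UI renders for a role. Hiding a link does not protect the URL."""
    return [p.rstrip("*") for p in ROLE_GRANTS.get(role, [])]


def canonical_path(url):
    """Decode and normalise the path so the policy sees the resource actually served."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def handle_vulnerable(session, url):
    """Flawed pattern: authentication only, so any logged-in user gets any URL."""
    if session is None:
        return 401
    return 200


def handle_hardened(session, url):
    """Deny by default: authorise the requested path against the role on every request."""
    if session is None:
        return 401
    path = canonical_path(url)
    grants = ROLE_GRANTS.get(session.get("role"), [])
    return 200 if any(fnmatchcase(path, g) for g in grants) else 403


if __name__ == "__main__":
    planner = {"user": "alice", "role": "planner"}  # constructed session
    print(menu_links("planner"))                      # UI never shows /invoices/
    for url in ("/workorders/12", "/invoices/7"):
        print(url, handle_vulnerable(planner, url), handle_hardened(planner, url))
```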
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Asset Suite: 9.6
External links
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.us-cert.gov/ics/advisories/icsa-20-072-02
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.