Main Vulnerability Database Vulnerabilities #VU26066

#VU26066 External Control of Critical State Data in eSOMS - CVE-2019-19092

Published: March 13, 2020

Vulnerability identifier: #VU26066

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-19092

CWE-ID: CWE-642

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
eSOMS

Software vendor:
ABB

Description

The vulnerability allows a remote attacker to perform some alternations in the target system.

The vulnerability exists due to the affected software uses ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-072-01
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch