PT-2020-10034 · ABB · ABB Asset Suite
Published 2020-02-17 · Updated 2023-05-16
CVE-2019-18998
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ABB Asset Suite versions 9.0 through 9.3
ABB Asset Suite version 9.4 prior to 9.4.2.6
ABB Asset Suite version 9.5 prior to 9.5.3.2
ABB Asset Suite version 9.6.0
Description
The issue is related to insufficient access control in the web interface, allowing full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
Recommendations
For ABB Asset Suite versions 9.0 through 9.3, update to a version outside of this range.
For ABB Asset Suite version 9.4 prior to 9.4.2.6, update to version 9.4.2.6 or later.
For ABB Asset Suite version 9.5 prior to 9.5.3.2, update to version 9.5.3.2 or later.
For ABB Asset Suite version 9.6.0, update to a later version.
Fix
Improper Access Control
IDOR
Related Identifiers
Affected Products
ABB Asset Suite