CVE-2019-19092

Name of the Vulnerable Software and Affected Versions ABB eSOMS versions 4.0 to 6.0.3

Description The issue is related to the ASP.NET Viewstate component of the ABB eSOMS software, which lacks authentication for a critical function. This could allow a remote attacker to disclose protected information. The software uses ASP.NET Viewstate without a Message Authentication Code (MAC), meaning alterations to Viewstate might not be noticed.

Recommendations For ABB eSOMS versions 4.0 to 6.0.3, consider disabling the use of ASP.NET Viewstate until a patch is available, or apply configuration changes to include a Message Authentication Code (MAC) for Viewstate to prevent unnoticed alterations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.