9.6.0

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

hitachienergy

CWE-639

NVD

Published: 2020-02-17

Updated: 2023-05-16

Summary

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Vulnerable Configurations

Part	Description	Count
Application	Hitachienergy Hitachienergy Asset Suite 9.6.0 Hitachienergy Asset Suite 9.5.0 Hitachienergy Asset Suite * Hitachienergy Asset Suite 9.0.0	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.us-cert.gov/ics/advisories/icsa-20-072-02