Vulnerabilities > Hitachienergy > Esoms

DATE CVE VULNERABILITY TITLE RISK
2020-04-02 CVE-2019-19092 Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC).
network
low complexity
hitachienergy CWE-306
3.5
3.5
2020-04-02 CVE-2019-19091 Information Exposure vulnerability in Hitachienergy Esoms
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application.
network
low complexity
hitachienergy CWE-200
4.3
4.3
2020-04-02 CVE-2019-19090 Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.
network
low complexity
hitachienergy CWE-311
3.5
3.5
2020-04-02 CVE-2019-19089 Interpretation Conflict vulnerability in Hitachienergy Esoms
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared.
network
low complexity
hitachienergy CWE-436
6.1
6.1
2020-04-02 CVE-2019-19003 Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set.
network
low complexity
hitachienergy CWE-79
6.1
6.1
2020-04-02 CVE-2019-19002 Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server.
network
low complexity
hitachienergy CWE-79
5.4
5.4
2020-04-02 CVE-2019-19001 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response.
network
low complexity
hitachienergy CWE-1021
6.5
6.5
2020-04-02 CVE-2019-19000 Information Exposure vulnerability in Hitachienergy Esoms
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response.
network
low complexity
hitachienergy CWE-200
6.5
6.5
2018-08-29 CVE-2018-14805 Improper Authentication vulnerability in Hitachienergy Esoms 6.0.2
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present.
network
low complexity
hitachienergy CWE-287
critical
 9.8
9.8