Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
| 2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |
| 2020-04-02 | CVE-2019-19001 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. | 6.5 |
| 2020-04-02 | CVE-2019-19000 | Information Exposure vulnerability in Hitachienergy Esoms For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. | 6.5 |
| 2020-02-17 | CVE-2019-18998 | Authorization Bypass Through User-Controlled Key vulnerability in Hitachienergy Asset Suite 9.6.0 Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. | 7.1 |
| 2019-11-27 | CVE-2019-18253 | Path Traversal vulnerability in Hitachienergy Relion 670 Firmware An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | 10.0 |
| 2019-11-27 | CVE-2019-18247 | Improper Input Validation vulnerability in Hitachienergy Relion 650 Firmware and Relion 670 Firmware An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | 7.5 |
| 2019-01-16 | CVE-2018-20720 | Improper Input Validation vulnerability in Hitachienergy Relion 630 Firmware ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | 7.5 |
| 2018-08-29 | CVE-2018-14805 | Improper Authentication vulnerability in Hitachienergy Esoms 6.0.2 ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. | 9.8 |
| 2018-02-21 | CVE-2018-1168 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachienergy Sys600 Firmware This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. | 7.8 |