Vulnerabilities > Hitachienergy

DATE CVE VULNERABILITY TITLE RISK
2020-04-02 CVE-2019-19096 Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms 6.0/6.0.2
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text.
local
low complexity
hitachienergy CWE-522
6.1
2020-04-02 CVE-2019-19095 Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
network
low complexity
hitachienergy CWE-79
5.4
2020-04-02 CVE-2019-19094 SQL Injection vulnerability in Hitachienergy Esoms
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
network
low complexity
hitachienergy CWE-89
7.6
2020-04-02 CVE-2019-19093 Weak Password Requirements vulnerability in Hitachienergy Esoms
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
network
low complexity
hitachienergy CWE-521
6.5
2020-04-02 CVE-2019-19092 Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC).
network
low complexity
hitachienergy CWE-306
3.5
2020-04-02 CVE-2019-19091 Information Exposure vulnerability in Hitachienergy Esoms
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application.
network
low complexity
hitachienergy CWE-200
4.3
2020-04-02 CVE-2019-19090 Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.
network
low complexity
hitachienergy CWE-311
3.5
2020-04-02 CVE-2019-19089 Interpretation Conflict vulnerability in Hitachienergy Esoms
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared.
network
low complexity
hitachienergy CWE-436
6.1
2020-04-02 CVE-2019-19003 Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set.
network
low complexity
hitachienergy CWE-79
6.1
2020-04-02 CVE-2019-19002 Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server.
network
low complexity
hitachienergy CWE-79
5.4