Vulnerabilities > Hitachienergy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-02 | CVE-2019-19092 | Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms: ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). | 3.5 |
2020-04-02 | CVE-2019-19091 | Information Exposure vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. | 4.3 |
2020-04-02 | CVE-2019-19090 | Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. | 3.5 |
2020-04-02 | CVE-2019-19089 | Interpretation Conflict vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as a different content type than declared. | 6.1 |
2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |
2020-04-02 | CVE-2019-19001 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms: For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. | 6.5 |
2020-04-02 | CVE-2019-19000 | Information Exposure vulnerability in Hitachienergy Esoms: For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. | 6.5 |
2020-02-17 | CVE-2019-18998 | Authorization Bypass Through User-Controlled Key vulnerability in Hitachienergy Asset Suite 9.6.0: Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. | 7.1 |
2019-11-27 | CVE-2019-18253 | Path Traversal vulnerability in Hitachienergy Relion 670 Firmware: An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | 10.0 |