Description
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
References
- Vendor Advisory
- Third Party Advisory, US Government Resource
- Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:hitachienergy:asset_suite:*:*:*:*:*:*:*:* (versions from 9.0.0 inclusive to 9.3.0 inclusive)
cpe:2.3:a:hitachienergy:asset_suite:*:*:*:*:*:*:*:* (versions from 9.4 inclusive to 9.4.2.6 exclusive)
cpe:2.3:a:hitachienergy:asset_suite:*:*:*:*:*:*:*:* (versions from 9.5.0 inclusive to 9.5.3.2 exclusive)
cpe:2.3:a:hitachienergy:asset_suite:9.6.0:*:*:*:*:*:*:*
EPSS: 0.0013 (Low), percentile: 33%
CVSS3: 7.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-284
CWE-639
Related vulnerabilities
CVSS3: 7.1
github
more than 3 years ago
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.