Filtered by vendor Hitachienergy
Subscriptions
Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27196 | 1 Hitachienergy | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. | ||||
| CVE-2021-26845 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 7.5 High |
| Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. | ||||
| CVE-2021-22278 | 2 Abb, Hitachienergy | 2 Update Manager, Pcm600 | 2024-11-21 | 6.7 Medium |
| A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | ||||
| CVE-2019-5620 | 2 Hitachienergy, Microsoft | 3 Microscada Pro Sys600, Windows 7, Windows Xp | 2024-11-21 | 9.8 Critical |
| ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. | ||||
| CVE-2019-19097 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.9 Medium |
| ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. | ||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.1 Medium |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | ||||
| CVE-2019-19095 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.4 Medium |
| Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. | ||||
| CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 7.6 High |
| Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | ||||
| CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
| eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | ||||
| CVE-2019-19092 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 Low |
| ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. | ||||
| CVE-2019-19091 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. | ||||
| CVE-2019-19090 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 Low |
| For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. | ||||
| CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.1 Medium |
| For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. | ||||
| CVE-2019-19003 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. | ||||
| CVE-2019-19002 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. | ||||
| CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | ||||
| CVE-2019-19000 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
| For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. | ||||
| CVE-2019-18998 | 1 Hitachienergy | 1 Asset Suite | 2024-11-21 | 7.1 High |
| Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. | ||||
| CVE-2019-18253 | 1 Hitachienergy | 2 Relion 670, Relion 670 Firmware | 2024-11-21 | 10.0 Critical |
| An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | ||||
| CVE-2019-18247 | 1 Hitachienergy | 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more | 2024-11-21 | 7.5 High |
| An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | ||||