Description
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch
Third Party Advisory, US Government Resource (x_refsource_misc): https://www.us-cert.gov/ics/advisories/icsa-20-072-02
Scores
CVSS v3: 7.1
EPSS: 0.0013
EPSS Percentile: 31.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Details
CWE: CWE-284, CWE-639
Status: published
Products (2)
hitachienergy/asset_suite: 9.6.0
hitachienergy/asset_suite: 9.0.0 - 9.3.0
Published: Feb 17, 2020
Tracked Since: Feb 18, 2026