CVE-2019-18998

Summary

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Affected Software

VendorProductVersion RangeStatus
ABBAsset Suite9.0 to 9.3affected
ABBAsset Suite9.4 prior to 9.4.2.6affected
ABBAsset Suite9.5 prior to 9.5.3.2affected
ABBAsset Suite9.6.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References