Every CVE whose affected-product data names Hitachienergy Esoms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2018-14805 — CVSS 9.8 (critical): ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key…
CVE-2019-19094 — CVSS 7.6 (high): Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend…
CVE-2021-26845 — CVSS 7.5 (high): Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used…
CVE-2021-35527 — CVSS 7.5 (high): Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access…
CVE-2019-19093 — CVSS 6.5 (medium): eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure…
CVE-2019-19000 — CVSS 6.5 (medium): For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response…
CVE-2019-19001 — CVSS 6.5 (medium): For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow…
CVE-2019-19002 — CVSS 6.3 (medium): For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web…
CVE-2019-19096 — CVSS 6.1 (medium): The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system…
CVE-2019-19089 — CVSS 6.1 (medium): For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response…
CVE-2019-19097 — CVSS 5.9 (medium): ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an…
CVE-2019-19095 — CVSS 5.4 (medium): Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site…
CVE-2023-5516 — CVSS 5.3 (medium): Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing…
CVE-2019-19003 — CVSS 5.3 (medium): For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn…
CVE-2023-5514 — CVSS 5.3 (medium): The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for…
CVE-2023-5515 — CVSS 5.3 (medium): The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal…
CVE-2019-19091 — CVSS 4.3 (medium): For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might…
CVE-2019-19090 — CVSS 3.5 (low): For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the…
CVE-2019-19092 — CVSS 3.5 (low): ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be…