Esoms
CVE-2023-5514
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
AnalysisAI
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-209. The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. Affected products include: Hitachienergy Esoms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication,
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attack
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report da
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, di
The responses for web queries with certain parameters disclose internal path of resources. Rated medium severity (CVSS 5
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today