Insufficient Access Control in ABB Asset Suite Web Interface

Insufficient Access Control in ABB Asset Suite Web Interface

CVE-2019-18998 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Learn more about our Web App Pen Testing.