ICSA-20-072-01: ABB eSOMS
Plan Patch · 7.6 · ICS-CERT ICSA-20-072-01 · Mar 12, 2020
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
ABB eSOMS versions 6.02 and prior contain multiple vulnerabilities including credential management flaws, sensitive data exposure, SQL injection, cross-site scripting (XSS), and insecure cryptographic practices. The vulnerabilities require low privileges and network access to exploit, affecting confidentiality, integrity, and availability of the system.
What this means
What could happen
An attacker with login credentials could exploit these vulnerabilities to access sensitive data, modify system settings, or inject malicious commands into the eSOMS database, potentially disrupting energy management operations or stealing configuration and operational data.
Who's at risk
Energy management system operators and utilities using ABB eSOMS for monitoring and control of electrical systems should prioritize this advisory. The vulnerability affects any facility relying on eSOMS for demand-side management, demand response coordination, or energy data analytics.
How it could be exploited
An attacker with valid eSOMS user credentials and network access to the application could exploit SQL injection or cross-site scripting flaws to extract sensitive data, bypass access controls, or execute unauthorized commands. The vulnerabilities could also be chained to escalate privileges and modify system behavior.
Prerequisites
- Valid eSOMS user credentials
- Network access to the eSOMS application port
- Knowledge of vulnerable input fields or API endpoints
Tags: requires authentication · multiple critical weakness types (SQL injection, XSS, weak cryptography) · affects confidentiality and integrity · remote network access required
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: eSOMS (6.02 and prior)
Affected Versions: ≤ 6.02
Fix Status: 6.0.3 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to eSOMS to authorized users only; do not expose the application to the Internet
- HARDENING: Isolate the eSOMS system behind a firewall and separate it from the business network
- WORKAROUND: If remote access to eSOMS is required, use a VPN with current security patches and strong authentication
- HARDENING: Review and enforce strong credential policies for eSOMS user accounts; disable unused accounts
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
- HOTFIX: Update ABB eSOMS to version 6.0.3 or 6.1 or later
Long-term hardening
- HARDENING: Review input validation and API security practices in eSOMS configuration
CVEs (13)