Lucene search

ABBCVE-2022-0010

HistoryMay 22, 2023 - 8:15 a.m.

CVE-2022-0010

2023-05-2208:15:08

CWE-532

ABB

web.nvd.nist.gov

cve-2022-0010

abb qcs 800xa

abb qcs ac450

abb platform engineering tools

log file vulnerability

sensitive information insertion

local access

system nodes control

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.

An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes.

This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

Affected configurations

Nvd

Node

abbplatform_engineering_toolsRange1.0.0–2.3.0

Node

abbqcs_800xaMatch-

AND

abbqcs_800xa_firmwareRange1.0.0–5.1.0

abbqcs_800xa_firmwareMatch5.1.0sp2

Node

abbqcs_ac450Match-

AND

abbqcs_ac450_firmwareRange1.0.0–6.1.0

abbqcs_ac450_firmwareMatch6.1.0sp2

VendorProductVersionCPE
abbplatform_engineering_tools*cpe:2.3:a:abb:platform_engineering_tools:*:*:*:*:*:*:*:*
abbqcs_800xa-cpe:2.3:h:abb:qcs_800xa:-:*:*:*:*:*:*:*
abbqcs_800xa_firmware*cpe:2.3:o:abb:qcs_800xa_firmware:*:*:*:*:*:*:*:*
abbqcs_800xa_firmware5.1.0cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2:*:*:*:*:*:*
abbqcs_ac450-cpe:2.3:h:abb:qcs_ac450:-:*:*:*:*:*:*:*
abbqcs_ac450_firmware*cpe:2.3:o:abb:qcs_ac450_firmware:*:*:*:*:*:*:*:*
abbqcs_ac450_firmware6.1.0cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	platform_engineering_tools	*	cpe:2.3:a:abb:platform_engineering_tools::::::::
abb	qcs_800xa	-	cpe:2.3:h:abb:qcs_800xa:-:::::::*
abb	qcs_800xa_firmware	*	cpe:2.3:o:abb:qcs_800xa_firmware::::::::
abb	qcs_800xa_firmware	5.1.0	cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2::::::
abb	qcs_ac450	-	cpe:2.3:h:abb:qcs_ac450:-:::::::*
abb	qcs_ac450_firmware	*	cpe:2.3:o:abb:qcs_ac450_firmware::::::::
abb	qcs_ac450_firmware	6.1.0	cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QCS 800xA",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "6.1SP2",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QCS AC450",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "5.1SP2",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Platform Engineering Tools",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0",
        "status": "affected",
        "version": "1.0:0",
        "versionType": "patch"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2022-0010