Lucene search

ABBCVE-2022-1596

HistoryJun 21, 2022 - 3:15 p.m.

CVE-2022-1596

2022-06-2115:15:08

CWE-732

ABB

web.nvd.nist.gov

cve-2022-1596

incorrect permission assignment

abb

rex640

vulnerability

security

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Affected configurations

Nvd

Node

abbrex640_pcl1_firmwareRange≤1.0.7

AND

abbrex640_pcl1Match-

Node

abbrex640_pcl2_firmwareRange<1.1.4

AND

abbrex640_pcl2Match-

Node

abbrex640_pcl3_firmwareRange<1.2.1

AND

abbrex640_pcl3Match-

VendorProductVersionCPE
abbrex640_pcl1_firmware*cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:*
abbrex640_pcl1-cpe:2.3:h:abb:rex640_pcl1:-:*:*:*:*:*:*:*
abbrex640_pcl2_firmware*cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:*
abbrex640_pcl2-cpe:2.3:h:abb:rex640_pcl2:-:*:*:*:*:*:*:*
abbrex640_pcl3_firmware*cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:*
abbrex640_pcl3-cpe:2.3:h:abb:rex640_pcl3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	rex640_pcl1_firmware	*	cpe:2.3:o:abb:rex640_pcl1_firmware::::::::
abb	rex640_pcl1	-	cpe:2.3:h:abb:rex640_pcl1:-:::::::*
abb	rex640_pcl2_firmware	*	cpe:2.3:o:abb:rex640_pcl2_firmware::::::::
abb	rex640_pcl2	-	cpe:2.3:h:abb:rex640_pcl2:-:::::::*
abb	rex640_pcl3_firmware	*	cpe:2.3:o:abb:rex640_pcl3_firmware::::::::
abb	rex640_pcl3	-	cpe:2.3:h:abb:rex640_pcl3:-:::::::*

CNA Affected

[
  {
    "product": "REX640 PCL1",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "REX640 PCL2",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.1.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "REX640 PCL3",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2NGA001421

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2022-1596