Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-1596
PUBLISHED
More InfoOfficial Page
Assigner-ABB
Assigner Org ID-2b718523-d88f-4f37-9bbd-300c20644bf9
View Known Exploited Vulnerability (KEV) details
Published At-21 Jun, 2022 | 14:23
Updated At-16 Sep, 2024 | 23:11
Rejected At-
▼CVE Numbering Authority (CNA)
ABB Relion REX640 Insufficient file access control

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Affected Products
Vendor
ABBABB
Product
REX640 PCL1
Versions
Affected
  • From unspecified through 1.0.7 (custom)
Vendor
ABBABB
Product
REX640 PCL2
Versions
Affected
  • From unspecified before 1.1.4 (custom)
Vendor
ABBABB
Product
REX640 PCL3
Versions
Affected
  • From unspecified before 1.2.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Although these workarounds will not correct the underlying vulnerability, they can help blocking known attack vectors. • Limit the HTTP(s) and FTP(S) to a local network by a firewall • Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file • Disable remote WHMI and FTP(S) and use local HMI only

Exploits
Credits
ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421
x_refsource_MISC
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421
x_refsource_MISC
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421
Resource:
x_refsource_MISC
x_transferred
Details not found