CVE-2022-2155 – A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.

https://notcve.org/view.php?id=CVE-2022-2155

12 Jan 2023 — A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset i... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000112&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-863: Incorrect Authorization •