CVE-2021-22283 – MMS File Transfer Vulnerability impact on Distribution Automation products
https://notcve.org/view.php?id=CVE-2021-22283
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-665: Improper Initialization •
CVE-2022-1607 – Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller
https://notcve.org/view.php?id=CVE-2022-1607
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3573
https://notcve.org/view.php?id=CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json https://gitlab.com/gitlab-org/gitlab/-/issues/378216 https://hackerone.com/reports/1730461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-34838 – ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
https://notcve.org/view.php?id=CVE-2022-34838
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. Una vulnerabilidad de Almacenamiento de Contraseñas en un Formato Recuperable en ABB Zenon versión 8.20, permite que un atacante que explote con éxito la vulnerabilidad pueda añadir o alterar puntos de datos y los atributos correspondientes. Una vez que sean usados estos datos de ingeniería, la visualización de los datos será alterada para el usuario final. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2022-34836 – ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
https://notcve.org/view.php?id=CVE-2022-34836
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. Una vulnerabilidad de Salto de Ruta Relativo en ABB Zenon versión 8.20, permite al usuario acceder a archivos en el sistema Zenon y el usuario también puede añadir sus propios mensajes de registro y, por ejemplo, inundar las entradas de registro. Un atacante que explote con éxito la vulnerabilidad podría acceder a las actividades del tiempo de ejecución de Zenon, como el inicio y la detención de varias actividades y el último código de error, etc. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •