// For flags

CVE-2022-1596

ABB Relion REX640 Insufficient file access control

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Una vulnerabilidad de Asignación incorrecta de permisos para recursos críticos en ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 permite a un atacante autenticado lanzar un ataque contra el archivo de la base de datos del usuario e intentar tomar el control de un nodo del sistema afectado

*Credits: ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-05 CVE Reserved
  • 2022-06-21 CVE Published
  • 2024-01-12 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Abb
Search vendor "Abb"
Rex640 Pcl1 Firmware
Search vendor "Abb" for product "Rex640 Pcl1 Firmware"
<= 1.0.7
Search vendor "Abb" for product "Rex640 Pcl1 Firmware" and version " <= 1.0.7"
-
Affected
in Abb
Search vendor "Abb"
Rex640 Pcl1
Search vendor "Abb" for product "Rex640 Pcl1"
--
Safe
Abb
Search vendor "Abb"
Rex640 Pcl2 Firmware
Search vendor "Abb" for product "Rex640 Pcl2 Firmware"
< 1.1.4
Search vendor "Abb" for product "Rex640 Pcl2 Firmware" and version " < 1.1.4"
-
Affected
in Abb
Search vendor "Abb"
Rex640 Pcl2
Search vendor "Abb" for product "Rex640 Pcl2"
--
Safe
Abb
Search vendor "Abb"
Rex640 Pcl3 Firmware
Search vendor "Abb" for product "Rex640 Pcl3 Firmware"
< 1.2.1
Search vendor "Abb" for product "Rex640 Pcl3 Firmware" and version " < 1.2.1"
-
Affected
in Abb
Search vendor "Abb"
Rex640 Pcl3
Search vendor "Abb" for product "Rex640 Pcl3"
--
Safe