CVE-2022-1596
ABB Relion REX640 Insufficient file access control
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
An Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and attempt to take control of an affected system node.
*Credits:
ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-05 CVE Reserved
- 2022-06-21 CVE Published
- 2024-01-12 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 | 2022-06-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Abb | Rex640 Pcl1 Firmware | <= 1.0.7 | - | Affected | in | Abb | Rex640 Pcl1 | - | - | Safe |
Abb | Rex640 Pcl2 Firmware | < 1.1.4 | - | Affected | in | Abb | Rex640 Pcl2 | - | - | Safe |
Abb | Rex640 Pcl3 Firmware | < 1.2.1 | - | Affected | in | Abb | Rex640 Pcl3 | - | - | Safe |