CVE-2022-26080
Easily guessable session ID's in NE843 Pulsar Plus Controller
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
*Credits:
We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-28 CVE Reserved
- 2023-03-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Abb Search vendor "Abb" | H5692448 G104 Firmware Search vendor "Abb" for product "H5692448 G104 Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G104 Search vendor "Abb" for product "H5692448 G104" | - | - |
Safe
|
Abb Search vendor "Abb" | H5692448 G842 Firmware Search vendor "Abb" for product "H5692448 G842 Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G842 Search vendor "Abb" for product "H5692448 G842" | - | - |
Safe
|
Abb Search vendor "Abb" | H5692448 G224l Firmware Search vendor "Abb" for product "H5692448 G224l Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G224l Search vendor "Abb" for product "H5692448 G224l" | - | - |
Safe
|
Abb Search vendor "Abb" | H5692448 G630-4 Firmware Search vendor "Abb" for product "H5692448 G630-4 Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G630-4 Search vendor "Abb" for product "H5692448 G630-4" | - | - |
Safe
|
Abb Search vendor "Abb" | H5692448 G451c\(2\) Firmware Search vendor "Abb" for product "H5692448 G451c\(2\) Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G451c\(2\) Search vendor "Abb" for product "H5692448 G451c\(2\)" | - | - |
Safe
|
Abb Search vendor "Abb" | H5692448 G461\(2\) Firmware Search vendor "Abb" for product "H5692448 G461\(2\) Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | H5692448 G461\(2\) Search vendor "Abb" for product "H5692448 G461\(2\)" | - | - |
Safe
|
Abb Search vendor "Abb" | Ne843 S Firmware Search vendor "Abb" for product "Ne843 S Firmware" | - | - |
Affected
| in | Abb Search vendor "Abb" | Ne843 S Search vendor "Abb" for product "Ne843 S" | - | - |
Safe
|