CVE-2022-26080

Easily guessable session ID's in NE843 Pulsar Plus Controller

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

*Credits: We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-28 CVE Reserved
2023-03-16 CVE Published
2024-08-03 CVE Updated
2024-10-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-330: Use of Insufficiently Random Values

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abb Search vendor "Abb"	H5692448 G104 Firmware Search vendor "Abb" for product "H5692448 G104 Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G104 Search vendor "Abb" for product "H5692448 G104"	-	-	Safe
Abb Search vendor "Abb"	H5692448 G842 Firmware Search vendor "Abb" for product "H5692448 G842 Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G842 Search vendor "Abb" for product "H5692448 G842"	-	-	Safe
Abb Search vendor "Abb"	H5692448 G224l Firmware Search vendor "Abb" for product "H5692448 G224l Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G224l Search vendor "Abb" for product "H5692448 G224l"	-	-	Safe
Abb Search vendor "Abb"	H5692448 G630-4 Firmware Search vendor "Abb" for product "H5692448 G630-4 Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G630-4 Search vendor "Abb" for product "H5692448 G630-4"	-	-	Safe
Abb Search vendor "Abb"	H5692448 G451c\(2\) Firmware Search vendor "Abb" for product "H5692448 G451c\(2\) Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G451c\(2\) Search vendor "Abb" for product "H5692448 G451c\(2\)"	-	-	Safe
Abb Search vendor "Abb"	H5692448 G461\(2\) Firmware Search vendor "Abb" for product "H5692448 G461\(2\) Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	H5692448 G461\(2\) Search vendor "Abb" for product "H5692448 G461\(2\)"	-	-	Safe
Abb Search vendor "Abb"	Ne843 S Firmware Search vendor "Abb" for product "Ne843 S Firmware"	-	-	Affected	in	Abb Search vendor "Abb"	Ne843 S Search vendor "Abb" for product "Ne843 S"	-	-	Safe