Vulnerabilites related to abb - pm573-eth
CVE-2022-3192 (GCVE-0-2022-3192)
Vulnerability from cvelistv5
Published
2023-03-31 16:13
Modified
2025-02-11 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:39:53.320995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:40:07.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://abb.com/plc",
"defaultStatus": "unknown",
"packageName": "PM5xx",
"product": "AC500 V2",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.0.0",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T03:57:46.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Improper Check for Unusual or Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-3192",
"datePublished": "2023-03-31T16:13:13.149Z",
"dateReserved": "2022-09-13T05:57:45.421Z",
"dateUpdated": "2025-02-11T18:40:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24685 (GCVE-0-2020-24685)
Vulnerability from cvelistv5
Published
2021-02-09 03:57
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | AC500 V2 products with onboard Ethernet |
Version: version 2.8.4 and prior versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC500 V2 products with onboard Ethernet",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "version 2.8.4 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T03:57:16",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC500 V2 unauthenticated crafter packet vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-24685",
"STATE": "PUBLIC",
"TITLE": "AC500 V2 unauthenticated crafter packet vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AC500 V2 products with onboard Ethernet",
"version": {
"version_data": [
{
"version_value": "version 2.8.4 and prior versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application."
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-24685",
"datePublished": "2021-02-09T03:57:16",
"dateReserved": "2020-08-26T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-02-09 04:15
Modified
2024-11-21 05:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EEF8FD-379B-4D13-985D-A812C6627CE7",
"versionEndExcluding": "2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50EDB62-28E9-42DB-A6D5-8F08050FD882",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEC2866-83F4-4546-9B1D-395E0AA0B2F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
},
{
"lang": "es",
"value": "Un paquete no autenticado especialmente dise\u00f1ado y enviado por un atacante a trav\u00e9s de la red causar\u00e1 una vulnerabilidad de denegaci\u00f3n de servicio (DoS).\u0026#xa0;Una vulnerabilidad permite a un atacante detener el PLC.\u0026#xa0;Despu\u00e9s de detenerse (LED ERR parpadeando en rojo), es requerido acceso f\u00edsico al PLC para reiniciar la aplicaci\u00f3n.\u0026#xa0;Este problema afecta a: Productos ABB AC500 V2 con Ethernet integrado versi\u00f3n 2.8.4 d y anteriores"
}
],
"id": "CVE-2020-24685",
"lastModified": "2024-11-21T05:15:46.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-09T04:15:14.393",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-31 17:15
Modified
2024-11-21 07:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | ac500_cpu_firmware | * | |
| abb | pm5630-2eth | 2.0 | |
| abb | pm5650-2eth | 2.0 | |
| abb | pm5670-2eth | 2.0 | |
| abb | pm5675-2eth | 2.0 | |
| abb | pm571-eth-v14x | 2.0 | |
| abb | pm571-v14x | 2.0 | |
| abb | pm572 | 2.0 | |
| abb | pm573-eth | 2.0 | |
| abb | pm581-eth-v14x | 2.0 | |
| abb | pm581-v14x | 2.0 | |
| abb | pm582 | 2.0 | |
| abb | pm582-arcnet | 2.0 | |
| abb | pm582-eth | 2.0 | |
| abb | pm582-v14x | 2.0 | |
| abb | pm583-eth | 2.0 | |
| abb | pm585-eth | 2.0 | |
| abb | pm585-mc-kit | 2.0 | |
| abb | pm590-arcnet-v14x | 2.0 | |
| abb | pm590-eth | 2.0 | |
| abb | pm590-eth-v14x | 2.0 | |
| abb | pm590-mc-kit | 2.0 | |
| abb | pm590-v14x | 2.0 | |
| abb | pm591-2eth | 2.0 | |
| abb | pm591-arcnet-v14x | 2.0 | |
| abb | pm591-eth | 2.0 | |
| abb | pm591-eth-v14x | 2.0 | |
| abb | pm591-v14x | 2.0 | |
| abb | pm592-eth | 2.0 | |
| abb | pm595-4eth-f | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7406B7B-1572-41B5-AD56-7D2CEA6837DD",
"versionEndExcluding": "2.8.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:pm5630-2eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C695046-6ECB-44A2-A9BB-7A1E7947F1DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm5650-2eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE080234-896D-4CD6-AE73-9B34A401AA48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm5670-2eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B28B588-04F8-434E-80E5-BD3BEADA6D9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm5675-2eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE593469-15CB-4308-A508-1DA8DB7C0F34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm571-eth-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43FC52BE-B3AD-4E3D-A725-14F26DB68DA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm571-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEFC52F-720F-48D4-B256-621B39B41FA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm572:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "244316B6-6BD3-464B-9633-E4F0548CB500",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50EDB62-28E9-42DB-A6D5-8F08050FD882",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm581-eth-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD582C27-64FB-419B-9B90-6E4A9288CC14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm581-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D25E659B-67B1-4C8C-8758-D451BFD1C0DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm582:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3CA7E5-BE88-4F80-AB56-C0B3A3AC2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm582-arcnet:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "530D0396-3A6E-4ADD-99C2-711DD05E217D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm582-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A066AACA-B962-4554-A540-3A9615C8587A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm582-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3921759-E3A3-46CE-973B-F6F4979E4522",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEC2866-83F4-4546-9B1D-395E0AA0B2F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm585-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05C4DE95-404E-43E2-BB39-763D4793ABB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm585-mc-kit:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B39C7B7E-07F5-4C4B-9B89-415608EB2E65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm590-arcnet-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13DC199A-73C6-48A0-8495-9ADA49CD04F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm590-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29BAFCA6-1BE6-49F1-B553-9D2579319B2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm590-eth-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD186FAD-48F1-4021-A94A-8B36586D8942",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm590-mc-kit:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "251C578B-E061-4825-B558-AEC670C0BF87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm590-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C10F3025-B5D1-42F7-824C-469BC5BDEDF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm591-2eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD806FD1-D7FC-4A1D-826F-B6C28112FED3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm591-arcnet-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21FB3060-A9C8-4A5C-A3B6-6CB03B366117",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm591-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDA1B4A-AC9C-4D79-8F1E-F21F6C1973EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm591-eth-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CA00FD-25C6-4BCC-8651-1442A96A1696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm591-v14x:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20060D95-F9F7-4D7C-9547-23A8B1783842",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm592-eth:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFB7CF2-1CDC-4674-8D4B-94056042BA6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:pm595-4eth-f:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "137C1C80-4DF4-4297-92A3-7C902C55007A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulaci\u00f3n del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la veris\u00f3n 2.0.0 a la 2.8.6."
}
],
"id": "CVE-2022-3192",
"lastModified": "2024-11-21T07:19:00.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-31T17:15:06.427",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}