Vulnerabilites related to abb - rex640_pcl3
CVE-2021-22283 (GCVE-0-2021-22283)
Vulnerability from cvelistv5
Published
2023-02-28 04:21
Modified
2025-03-07 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-665 - Improper Initialization
Summary
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ABB | Relion protection relays - 611 series |
Version: 1.0.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:11:58.860932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:12:14.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 611 series",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 615 series IEC 4.0 FP1",
"vendor": "ABB",
"versions": [
{
"lessThan": " 4.1.9",
"status": "affected",
"version": "4.1.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 615 series CN 4.0 FP1",
"vendor": "ABB",
"versions": [
{
"lessThan": "4.1.8",
"status": "affected",
"version": "4.1.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 615 series IEC 5.0",
"vendor": "ABB",
"versions": [
{
"lessThan": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 615 series IEC 5.0 FP1",
"vendor": "ABB",
"versions": [
{
"lessThan": "5.1.20",
"status": "affected",
"version": "5.1.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 620 series IEC/CN 2.0",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.0.11",
"status": "affected",
"version": "2.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - 620 series IEC/CN 2.0 FP1",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.1.15",
"status": "affected",
"version": "2.1.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - REX640 PCL1",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - REX640 PCL2",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "1.1.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - REX640 PCL3",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "1.2.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion protection relays - RER615",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Monitoring and Control - REC615",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merging Unit- SMU615",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.0.2",
"status": "affected",
"version": "1.0.0",
"versionType": "firmware"
}
]
}
],
"datePublic": "2022-12-18T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.\u003cp\u003eThis issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.\u003c/p\u003e"
}
],
"value": "Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-28T04:21:41.776Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MMS File Transfer Vulnerability impact on Distribution Automation products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22283",
"datePublished": "2023-02-28T04:21:41.776Z",
"dateReserved": "2021-01-05T17:31:49.081Z",
"dateUpdated": "2025-03-07T18:12:14.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2876 (GCVE-0-2023-2876)
Vulnerability from cvelistv5
Published
2023-06-13 03:52
Modified
2025-01-03 02:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
Summary
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ABB | REX640 PCL1 |
Version: 1.0;0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:06.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T01:58:48.969845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T02:00:22.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"firmware"
],
"product": "REX640 PCL1",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0;0",
"versionType": "firmware update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "REX640 PCL2",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "1.0;0",
"versionType": "firwmare update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"firmware"
],
"product": "REX640 PCL3",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "1.0;0",
"versionType": "firwmare update"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG\u0027s OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2023-06-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\u003c/p\u003e"
}
],
"value": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "CWE-1004 Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T03:52:12.002Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session cookie exposure for client side script",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-2876",
"datePublished": "2023-06-13T03:52:12.002Z",
"dateReserved": "2023-05-24T17:41:29.260Z",
"dateUpdated": "2025-01-03T02:00:22.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1596 (GCVE-0-2022-1596)
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ABB | REX640 PCL1 |
Version: unspecified < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "REX640 PCL1",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "REX640 PCL2",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "REX640 PCL3",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG\u0027s OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2022-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T14:23:42",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Relion REX640 Insufficient file access control",
"workarounds": [
{
"lang": "en",
"value": "Although these workarounds will not correct the underlying vulnerability, they can help blocking known \nattack vectors. \n\u2022 Limit the HTTP(s) and FTP(S) to a local network by a firewall\n\u2022 Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file\n\u2022 Disable remote WHMI and FTP(S) and use local HMI only"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2022-06-21T12:22:00.000Z",
"ID": "CVE-2022-1596",
"STATE": "PUBLIC",
"TITLE": "ABB Relion REX640 Insufficient file access control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "REX640 PCL1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0.7"
}
]
}
},
{
"product_name": "REX640 PCL2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.1.4"
}
]
}
},
{
"product_name": "REX640 PCL3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG\u0027s OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Although these workarounds will not correct the underlying vulnerability, they can help blocking known \nattack vectors. \n\u2022 Limit the HTTP(s) and FTP(S) to a local network by a firewall\n\u2022 Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file\n\u2022 Disable remote WHMI and FTP(S) and use local HMI only"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-1596",
"datePublished": "2022-06-21T14:23:42.343945Z",
"dateReserved": "2022-05-05T00:00:00",
"dateUpdated": "2024-09-16T23:11:43.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-06-13 04:15
Modified
2024-11-21 07:59
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | rex640_pcl1_firmware | * | |
| abb | rex640_pcl1 | - | |
| abb | rex640_pcl2_firmware | * | |
| abb | rex640_pcl2 | - | |
| abb | rex640_pcl3_firmware | * | |
| abb | rex640_pcl3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB84892-676D-47BB-B099-5C74320B3E50",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9256FAAB-77CF-482C-B736-FC99885C89D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93001E90-E6B1-49BC-AA4E-CF3ED24A672E",
"versionEndExcluding": "1.1.4",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE78102B-C672-4969-8B82-FE5ACE2FFC71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A03D47-0F40-4C65-93AD-911687E3C4BB",
"versionEndExcluding": "1.2.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90916E18-27EF-46C7-979B-19D53F901CC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\n\n"
}
],
"id": "CVE-2023-2876",
"lastModified": "2024-11-21T07:59:28.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-13T04:15:10.307",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1004"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-28 05:15
Modified
2024-11-21 05:49
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:smu615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C01EB90B-8C81-4745-91C2-62747B185AE3",
"versionEndExcluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:smu615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24FC432-A799-44A1-9D7C-BF02203655C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rec615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDB4A6F-2E61-4962-A3D5-350070435A3B",
"versionEndExcluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rec615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A61686-5740-48D4-AF7C-34F3323F4171",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rer615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBD6846-1876-4EB7-B450-23689D08D05C",
"versionEndExcluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rer615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB1663-BA8D-4EDA-85D3-37FF05718FB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:evd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D151411F-BBA1-4CC1-A898-7922CE9C734C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:evd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA5D2E2-AA96-4C81-8979-744778F19CC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ref615r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB52A0A-144A-4701-A169-0DE203AF3733",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:ref615r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1A2F33-73B8-488B-A88C-3546CA9FB51D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3973E21-DF2C-47BB-8C03-6FA027018873",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90916E18-27EF-46C7-979B-19D53F901CC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE1B4D1-27C7-4EA9-ADA5-A7FE42E04FF6",
"versionEndExcluding": "1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE78102B-C672-4969-8B82-FE5ACE2FFC71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA125ED-192D-4E4E-A4FC-FB7EF387FD90",
"versionEndExcluding": "1.0.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9256FAAB-77CF-482C-B736-FC99885C89D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rer620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8506D82-076A-4B42-AF41-CECE5B9F42A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rer620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDB660-57FB-4B12-B457-D32A20CB054D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_611_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D7EA08-4326-47EA-8045-135263708315",
"versionEndExcluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_611:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0BD760-FCEA-4620-A8D9-407C4670BDA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ref615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B53D526E-2EE7-4D50-B6AE-43A2E5F51902",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:ref615_iec:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A52B165-B93A-4CD5-85F7-8DC085B8BF8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ref615_ansi_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0493F4-7619-4D98-9D15-069ECAF34EA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:ref615_ansi:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27CE34F9-8441-4327-A7CF-BC9ED6C2838C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ref615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B53D526E-2EE7-4D50-B6AE-43A2E5F51902",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:ref615_iec:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C694E31-330C-41B1-A080-278A1C3111A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:red615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1375F21-B685-4CC8-B781-73D68B07DC5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:red615_iec:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B694B186-62A0-4235-97EB-EF4A9F02F185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:ref615_ansi_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0493F4-7619-4D98-9D15-069ECAF34EA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:ref615_ansi:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A250B053-1FD7-44F1-8622-C6FDFF4DE575",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81982E5D-C2B7-40E5-B4B1-20E05558C183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E98E9975-0978-4632-9202-A036A2D66C7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0954C681-0897-441F-AD78-2B1FBC6EC208",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D9C4BDD6-3EE7-4DC9-97C7-8F7F04DD80F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_cn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50CB9495-DBBC-4B36-AF67-6D5E1CD4CE76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2773068-653B-4F02-8CB8-5CA4CF7D6574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66B405A7-E16B-48E0-AFC9-36A6AB21451D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "334CAC56-FBBC-45D4-9161-A53197CB30C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0B5B5511-A4EF-4814-BD67-F5A2F445B111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:5.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "431FDF0D-6734-40C0-AFA5-A5513B7324E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_ansi_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78236AA2-3560-402B-B2FC-13070B805609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_ansi:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "591DB01E-3610-4AD2-A5F9-D8A061B597A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_ansi:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "63988EAE-73F9-4362-8B38-EDC3B1207F0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_ansi:4.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "05EF9495-C9B5-40C6-B648-C85B35373023",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_ansi:4.0:fp2:*:*:*:*:*:*",
"matchCriteriaId": "0208F75C-011B-4A15-AD1B-8DD1550B3077",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:abb:relion_615_ansi:5.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "8B25AD70-B3B4-45A7-B4B6-E072BA0A336A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C79758CF-9F3B-4A79-A8D4-3D17D5D85497",
"versionEndExcluding": "4.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:4.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "A6E38E09-2B98-4B3A-BFC0-391DE22ABDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_cn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918D6E-7694-43B2-B474-649174A00054",
"versionEndExcluding": "4.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_cn:4.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "412F7432-5049-4DB0-8009-6783A3821F1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE9A6FF-BBFD-48D6-B9D2-3AD244221C20",
"versionEndExcluding": "5.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DE999A72-CEED-4235-B68F-590CF1128268",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_615_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47DB1FAF-07D7-44FD-8368-BB29FF0DB4AD",
"versionEndExcluding": "5.1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_615_iec:5.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "50330FD9-AA32-439B-9E06-7228A7338F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_620_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E4CADD-7849-40B5-9DC6-8B0571A5B16E",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_620_iec:2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "91122A2B-236D-4D36-93BD-93A6C2DB0263",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_620_cn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7230BC1-056F-4E13-AA11-8B19AC404B71",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_620_cn:2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "281A30D2-94DA-4D19-AAA7-30061BD94443",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_620_ansi_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD99BDB2-6F9C-4141-AE1E-919764CD000A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_620_ansi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A89CD0B-3990-47B0-9129-2BD5951F8C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_620_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "315BBD9A-D5ED-4864-B12D-1C95515E7818",
"versionEndExcluding": "2.1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_620_iec:2.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "CD43DF9B-4D26-4B59-BADA-F333D7E2815D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:relion_620_cn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEA650E-EFD1-445D-8022-5C512E98B485",
"versionEndExcluding": "2.1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:relion_620_cn:2.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "806460AF-BC4A-4584-8172-20092865AEEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.\n\n"
}
],
"id": "CVE-2021-22283",
"lastModified": "2024-11-21T05:49:50.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-28T05:15:12.260",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-21 15:15
Modified
2024-11-21 06:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@ch.abb.com | https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | rex640_pcl1_firmware | * | |
| abb | rex640_pcl1 | - | |
| abb | rex640_pcl2_firmware | * | |
| abb | rex640_pcl2 | - | |
| abb | rex640_pcl3_firmware | * | |
| abb | rex640_pcl3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9157F421-659A-4EE8-8622-58C6928A0FB5",
"versionEndIncluding": "1.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9256FAAB-77CF-482C-B736-FC99885C89D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE1B4D1-27C7-4EA9-ADA5-A7FE42E04FF6",
"versionEndExcluding": "1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE78102B-C672-4969-8B82-FE5ACE2FFC71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3973E21-DF2C-47BB-8C03-6FA027018873",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:rex640_pcl3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90916E18-27EF-46C7-979B-19D53F901CC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 permite a un atacante autenticado lanzar un ataque contra el archivo de la base de datos del usuario e intentar tomar el control de un nodo del sistema afectado"
}
],
"id": "CVE-2022-1596",
"lastModified": "2024-11-21T06:41:02.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-21T15:15:08.247",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}