Vulnerabilities related to abb - zenon
CVE-2022-34836 (GCVE-0-2022-34836)
Vulnerability from cvelistv5
Published
2022-08-24 15:15
Modified
2024-09-17 02:26
CWE
  • CWE-23 - Relative Path Traversal
Summary
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries. An attacker who successfully exploits the vulnerability could access the Zenon runtime activities, such as the start and stop of various activities, the last error code, etc.
Impacted products
Vendor Product Version
ABB ABB Zenon Version: unspecified <= 8.20


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABB Zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "8.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
        }
      ],
      "datePublic": "2022-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:15:00",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
          "ID": "CVE-2022-34836",
          "STATE": "PUBLIC",
          "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB Zenon",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23 Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-34836",
    "datePublished": "2022-08-24T15:15:00.271508Z",
    "dateReserved": "2022-06-30T00:00:00",
    "dateUpdated": "2024-09-17T02:26:50.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3321 (GCVE-0-2023-3321)
Vulnerability from cvelistv5
Published
2023-07-24 17:06
Modified
2024-10-24 15:59
CWE
  • CWE-15 - External Control of System or Configuration Setting
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
ABB ABB Ability™ zenon Version: 11 build <= 11 build 106404


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:01.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T15:59:00.259510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T15:59:10.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ABB Ability\u2122 zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "11 build 106404",
              "status": "affected",
              "version": "11 build ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."
        }
      ],
      "datePublic": "2023-07-23T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\u003cbr\u003e\u003cp\u003eThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\u003c/p\u003e"
            }
          ],
          "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-15",
              "description": "CWE-15: External Control of System or Configuration Setting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T17:06:31.093Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Code Execution through Writable Mosquitto Configuration File",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3321, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.\u0026nbsp; Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.\u0026nbsp; Install the IIoT services, which is, the Service grid component on a separate system.\u0026nbsp; Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.\u0026nbsp; Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.\u0026nbsp; Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3321, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.\u00a0 Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.\u00a0 Install the IIoT services, which is, the Service grid component on a separate system.\u00a0 Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.\u00a0 Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.\u00a0 Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-3321",
    "datePublished": "2023-07-24T17:06:31.093Z",
    "dateReserved": "2023-06-19T15:47:17.589Z",
    "dateUpdated": "2024-10-24T15:59:10.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3323 (GCVE-0-2023-3323)
Vulnerability from cvelistv5
Published
2023-07-24 17:17
Modified
2024-10-18 13:02
CWE
  • CWE-276 - Incorrect Default Permissions
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
ABB ABB Ability™ zenon Version: 11 build <= 11 build 106404


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3323",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T13:00:08.154446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:02:35.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ABB Ability\u2122 zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "11 build 106404",
              "status": "affected",
              "version": "11 build ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."
        }
      ],
      "datePublic": "2023-07-23T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\u003cbr\u003e\u003cp\u003eThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T17:17:09.348Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": " Code Execution through overwriting project file on zenon engineering studio system",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3323, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3323, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-3323",
    "datePublished": "2023-07-24T17:17:09.348Z",
    "dateReserved": "2023-06-19T15:47:21.374Z",
    "dateUpdated": "2024-10-18T13:02:35.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3322 (GCVE-0-2023-3322)
Vulnerability from cvelistv5
Published
2023-07-24 17:12
Modified
2024-10-24 16:02
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
ABB ABB Ability™ zenon Version: 11 build <= 11 build 106404


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T16:01:50.631354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T16:02:00.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ABB Ability\u2122 zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "11 build 106404",
              "status": "affected",
              "version": "11 build ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."
        }
      ],
      "datePublic": "2023-07-23T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\u003cbr\u003e\u003cp\u003eThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T17:12:37.224Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": " Code Execution through overwriting service executable in utilities directory",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3322, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3322, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-3322",
    "datePublished": "2023-07-24T17:12:37.224Z",
    "dateReserved": "2023-06-19T15:47:19.574Z",
    "dateUpdated": "2024-10-24T16:02:00.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34837 (GCVE-0-2022-34837)
Vulnerability from cvelistv5
Published
2022-08-24 15:14
Modified
2024-09-17 04:04
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Summary
A Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits it to add more network clients that may monitor various activities of the Zenon system.
Impacted products
Vendor Product Version
ABB ABB Zenon Version: unspecified <= 8.20


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABB Zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "8.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
        }
      ],
      "datePublic": "2022-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:14:33",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
          "ID": "CVE-2022-34837",
          "STATE": "PUBLIC",
          "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB Zenon",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257 Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-34837",
    "datePublished": "2022-08-24T15:14:33.829175Z",
    "dateReserved": "2022-06-30T00:00:00",
    "dateUpdated": "2024-09-17T04:04:24.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34838 (GCVE-0-2022-34838)
Vulnerability from cvelistv5
Published
2022-08-24 15:15
Modified
2024-09-17 02:53
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Summary
A Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits it to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user.
Impacted products
Vendor Product Version
ABB ABB Zenon Version: unspecified <= 8.20


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABB Zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "8.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
        }
      ],
      "datePublic": "2022-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:15:26",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
          "ID": "CVE-2022-34838",
          "STATE": "PUBLIC",
          "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB Zenon",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257 Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-34838",
    "datePublished": "2022-08-24T15:15:26.256751Z",
    "dateReserved": "2022-06-30T00:00:00",
    "dateUpdated": "2024-09-17T02:53:31.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3324 (GCVE-0-2023-3324)
Vulnerability from cvelistv5
Published
2023-07-24 17:20
Modified
2024-10-18 13:02
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability with specially crafted programs that are run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
ABB ABB Ability™ zenon Version: 11 build <= 11 build 106404


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3324",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T13:00:02.672918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:02:53.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ABB Ability\u2122 zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "11 build 106404",
              "status": "affected",
              "version": "11 build",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."
        }
      ],
      "datePublic": "2023-07-23T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\u003cbr\u003e\u003cp\u003eThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T11:49:17.721Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": " Insecure deserialization in zenon internal DLLs",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.\u0026nbsp; The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.\u00a0 The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-3324",
    "datePublished": "2023-07-24T17:20:49.522Z",
    "dateReserved": "2023-06-19T15:47:23.648Z",
    "dateUpdated": "2024-10-18T13:02:53.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 07:10
Summary
A Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits it to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A9C22-F351-46D9-B777-5A16C48AF78F",
              "versionEndIncluding": "8.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Almacenamiento de Contrase\u00f1as en un Formato Recuperable en ABB Zenon versi\u00f3n 8.20, permite que un atacante que explote con \u00e9xito la vulnerabilidad pueda a\u00f1adir o alterar puntos de datos y los atributos correspondientes. Una vez que sean usados estos datos de ingenier\u00eda, la visualizaci\u00f3n de los datos ser\u00e1 alterada para el usuario final."
    }
  ],
  "id": "CVE-2022-34838",
  "lastModified": "2024-11-21T07:10:17.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 6.0,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-24T16:15:12.323",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-257"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-24 18:15
Modified
2024-11-21 08:17
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E",
              "versionEndIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
    }
  ],
  "id": "CVE-2023-3324",
  "lastModified": "2024-11-21T08:17:01.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.5,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T18:15:23.717",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-24 18:15
Modified
2024-11-21 08:17
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E",
              "versionEndIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
    }
  ],
  "id": "CVE-2023-3323",
  "lastModified": "2024-11-21T08:17:00.813",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.4,
        "impactScore": 5.5,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T18:15:23.627",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-24 18:15
Modified
2024-11-21 08:17
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E",
              "versionEndIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n"
    }
  ],
  "id": "CVE-2023-3321",
  "lastModified": "2024-11-21T08:17:00.517",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T18:15:23.453",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-15"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-24 18:15
Modified
2024-11-21 08:17
Summary
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E",
              "versionEndIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
    }
  ],
  "id": "CVE-2023-3322",
  "lastModified": "2024-11-21T08:17:00.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T18:15:23.543",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 07:10
Summary
A Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits it to add more network clients that may monitor various activities of Zenon.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A9C22-F351-46D9-B777-5A16C48AF78F",
              "versionEndIncluding": "8.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Almacenamiento de Contrase\u00f1as en un Formato Recuperable en ABB Zenon versi\u00f3n 8.20, permite que un atacante que explote con \u00e9xito la vulnerabilidad pueda a\u00f1adir m\u00e1s clientes de red que puedan monitorizar varias actividades del Zenon."
    }
  ],
  "id": "CVE-2022-34837",
  "lastModified": "2024-11-21T07:10:17.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 4.7,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-24T16:15:12.250",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-257"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 07:10
Summary
A Relative Path Traversal vulnerability in ABB Zenon 8.20 allows a user to access files on the Zenon system; the user can also add their own log messages and, for example, flood the log entries. An attacker who successfully exploits the vulnerability could access Zenon runtime activities, such as the start and stop of various activities and the last error code, etc.
Impacted products
Vendor Product Version
abb zenon *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A9C22-F351-46D9-B777-5A16C48AF78F",
              "versionEndIncluding": "8.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Salto de Ruta Relativo en ABB Zenon versi\u00f3n 8.20, permite al usuario acceder a archivos en el sistema Zenon y el usuario tambi\u00e9n puede a\u00f1adir sus propios mensajes de registro y, por ejemplo, inundar las entradas de registro. Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda acceder a las actividades del tiempo de ejecuci\u00f3n de Zenon, como el inicio y la detenci\u00f3n de varias actividades y el \u00faltimo c\u00f3digo de error, etc."
    }
  ],
  "id": "CVE-2022-34836",
  "lastModified": "2024-11-21T07:10:17.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.2,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-24T16:15:12.087",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}