Search criteria
5 vulnerabilities found for Infinity DC Power Plant by ABB
VAR-202302-1885
Vulnerability from variot - Updated: 2023-12-18 13:16Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1885",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ne843 s",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "5.0.0"
},
{
"model": "infinity dc power plant",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "5.0.0"
},
{
"model": "ne843 s",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "infinity dc power plant",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:infinity_dc_power_plant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:ne843_s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1607"
}
]
},
"cve": "CVE-2022-1607",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1607",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-1607",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2022-1607",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1962",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "VULHUB",
"id": "VHN-419720"
},
{
"db": "VULMON",
"id": "CVE-2022-1607"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1607",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU95755149",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-082-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1793",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1962",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419720",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1607",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419720"
},
{
"db": "VULMON",
"id": "CVE-2022-1607"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"id": "VAR-202302-1885",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419720"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:16:49.066000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Pulsar Plus System Controller Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227641"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk108467a6732\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95755149/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1607"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-05"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1607/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1793"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=9akk108467a6732\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419720"
},
{
"db": "VULMON",
"id": "CVE-2022-1607"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419720"
},
{
"db": "VULMON",
"id": "CVE-2022-1607"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-419720"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1607"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"date": "2023-02-24T05:15:14.510000",
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"date": "2023-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-419720"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1607"
},
{
"date": "2023-10-31T03:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-020093"
},
{
"date": "2023-11-07T03:42:02.290000",
"db": "NVD",
"id": "CVE-2022-1607"
},
{
"date": "2023-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB\u00a0 of \u00a0infinity\u00a0dc\u00a0power\u00a0plant\u00a0 and \u00a0ne843\u00a0s\u00a0 Cross-site request forgery vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1962"
}
],
"trust": 0.6
}
}
CVE-2022-26080 (GCVE-0-2022-26080)
Vulnerability from cvelistv5 – Published: 2023-03-16 12:53 – Updated: 2025-02-26 15:04
VLAI?
Title
Easily guessable session ID's in NE843 Pulsar Plus Controller
Summary
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
Severity ?
6.3 (Medium)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ABB | Pulsar Plus System Controller NE843_S |
Affected:
comcode 150042936
|
|||||||
|
|||||||||
Credits
We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T15:03:52.076460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:04:35.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pulsar Plus System Controller NE843_S ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "comcode 150042936"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity DC Power Plant",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.\u003cp\u003eThis issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\u003c/p\u003e"
}
],
"value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T12:53:29.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Easily guessable session ID\u0027s in NE843 Pulsar Plus Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-26080",
"datePublished": "2023-03-16T12:53:29.530Z",
"dateReserved": "2022-02-28T10:03:33.399Z",
"dateUpdated": "2025-02-26T15:04:35.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1607 (GCVE-0-2022-1607)
Vulnerability from cvelistv5 – Published: 2023-02-24 04:49 – Updated: 2025-03-11 15:54
VLAI?
Title
Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller
Summary
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
Severity ?
4.6 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ABB | Pulsar Plus System Controller NE843_S |
Affected:
comcode 150042936
|
|||||||
|
|||||||||
Credits
We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:54:53.693684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:54:58.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pulsar Plus System Controller NE843_S ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "comcode 150042936"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity DC Power Plant",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities."
}
],
"datePublic": "2022-02-11T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T04:50:46.874Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA workaround is to use the controller\u2019s Read/Write Enable/Disable feature for a network port\n(NET1,WRE=0). The controller can disable all writes over the network port. The factory default is to have\nthe write capability enabled. However, some customers do not want settings to be remotely changed\nonce systems are set. This feature, when set to Disable, will allow no changes to be accepted. Once set it\ncan only be changed locally through the front panel.\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is\nidentified below as \u201cImpact of workaround\u201d\n\n\u003cbr\u003e"
}
],
"value": "\nA workaround is to use the controller\u2019s Read/Write Enable/Disable feature for a network port\n(NET1,WRE=0). The controller can disable all writes over the network port. The factory default is to have\nthe write capability enabled. However, some customers do not want settings to be remotely changed\nonce systems are set. This feature, when set to Disable, will allow no changes to be accepted. Once set it\ncan only be changed locally through the front panel.\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is\nidentified below as \u201cImpact of workaround\u201d\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-1607",
"datePublished": "2023-02-24T04:49:49.418Z",
"dateReserved": "2022-05-06T13:10:42.773Z",
"dateUpdated": "2025-03-11T15:54:58.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26080 (GCVE-0-2022-26080)
Vulnerability from nvd – Published: 2023-03-16 12:53 – Updated: 2025-02-26 15:04
VLAI?
Title
Easily guessable session ID's in NE843 Pulsar Plus Controller
Summary
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
Severity ?
6.3 (Medium)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ABB | Pulsar Plus System Controller NE843_S |
Affected:
comcode 150042936
|
|||||||
|
|||||||||
Credits
We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T15:03:52.076460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:04:35.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pulsar Plus System Controller NE843_S ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "comcode 150042936"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity DC Power Plant",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.\u003cp\u003eThis issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\u003c/p\u003e"
}
],
"value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T12:53:29.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Easily guessable session ID\u0027s in NE843 Pulsar Plus Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-26080",
"datePublished": "2023-03-16T12:53:29.530Z",
"dateReserved": "2022-02-28T10:03:33.399Z",
"dateUpdated": "2025-02-26T15:04:35.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1607 (GCVE-0-2022-1607)
Vulnerability from nvd – Published: 2023-02-24 04:49 – Updated: 2025-03-11 15:54
VLAI?
Title
Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller
Summary
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
Severity ?
4.6 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ABB | Pulsar Plus System Controller NE843_S |
Affected:
comcode 150042936
|
|||||||
|
|||||||||
Credits
We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:54:53.693684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:54:58.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pulsar Plus System Controller NE843_S ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "comcode 150042936"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity DC Power Plant",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities."
}
],
"datePublic": "2022-02-11T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T04:50:46.874Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA workaround is to use the controller\u2019s Read/Write Enable/Disable feature for a network port\n(NET1,WRE=0). The controller can disable all writes over the network port. The factory default is to have\nthe write capability enabled. However, some customers do not want settings to be remotely changed\nonce systems are set. This feature, when set to Disable, will allow no changes to be accepted. Once set it\ncan only be changed locally through the front panel.\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is\nidentified below as \u201cImpact of workaround\u201d\n\n\u003cbr\u003e"
}
],
"value": "\nA workaround is to use the controller\u2019s Read/Write Enable/Disable feature for a network port\n(NET1,WRE=0). The controller can disable all writes over the network port. The factory default is to have\nthe write capability enabled. However, some customers do not want settings to be remotely changed\nonce systems are set. This feature, when set to Disable, will allow no changes to be accepted. Once set it\ncan only be changed locally through the front panel.\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is\nidentified below as \u201cImpact of workaround\u201d\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-1607",
"datePublished": "2023-02-24T04:49:49.418Z",
"dateReserved": "2022-05-06T13:10:42.773Z",
"dateUpdated": "2025-03-11T15:54:58.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}