cve-2022-3192
Vulnerability from cvelistv5
Published
2023-03-31 16:13
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Improper Check for Unusual or Exceptional Conditions
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://abb.com/plc", "defaultStatus": "unknown", "packageName": "PM5xx", "product": "AC500 V2", "vendor": "ABB", "versions": [ { "lessThan": "2.8.6", "status": "affected", "version": "2.0.0", "versionType": "release" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e" } ], "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n" } ], "impacts": [ { "capecId": "CAPEC-220", "descriptions": [ { "lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-13T03:57:46.530Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": " Improper Check for Unusual or Exceptional Conditions", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2022-3192", "datePublished": "2023-03-31T16:13:13.149Z", "dateReserved": "2022-09-13T05:57:45.421Z", "dateUpdated": "2024-08-03T01:00:10.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-3192\",\"sourceIdentifier\":\"cybersecurity@ch.abb.com\",\"published\":\"2023-03-31T17:15:06.427\",\"lastModified\":\"2023-09-13T04:15:10.810\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\\n\\n\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de validaci\u00f3n de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulaci\u00f3n del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la veris\u00f3n 2.0.0 a la 2.8.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.8.6\",\"matchCriteriaId\":\"A7406B7B-1572-41B5-AD56-7D2CEA6837DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm5630-2eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C695046-6ECB-44A2-A9BB-7A1E7947F1DB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm5650-2eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE080234-896D-4CD6-AE73-9B34A401AA48\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm5670-2eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B28B588-04F8-434E-80E5-BD3BEADA6D9B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm5675-2eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE593469-15CB-4308-A508-1DA8DB7C0F34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm571-eth-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43FC52BE-B3AD-4E3D-A725-14F26DB68DA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm571-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEEFC52F-720F-48D4-B256-621B39B41FA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm572:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"244316B6-6BD3-464B-9633-E4F0548CB500\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E50EDB62-28E9-42DB-A6D5-8F08050FD882\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm581-eth-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD582C27-64FB-419B-9B90-6E4A9288CC14\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm581-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25E659B-67B1-4C8C-8758-D451BFD1C0DE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm582:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E3CA7E5-BE88-4F80-AB56-C0B3A3AC2AFA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm582-arcnet:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530D0396-3A6E-4ADD-99C2-711DD05E217D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm582-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A066AACA-B962-4554-A540-3A9615C8587A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm582-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3921759-E3A3-46CE-973B-F6F4979E4522\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BEC2866-83F4-4546-9B1D-395E0AA0B2F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm585-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C4DE95-404E-43E2-BB39-763D4793ABB8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm585-mc-kit:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39C7B7E-07F5-4C4B-9B89-415608EB2E65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm590-arcnet-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13DC199A-73C6-48A0-8495-9ADA49CD04F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm590-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29BAFCA6-1BE6-49F1-B553-9D2579319B2E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm590-eth-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD186FAD-48F1-4021-A94A-8B36586D8942\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm590-mc-kit:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"251C578B-E061-4825-B558-AEC670C0BF87\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm590-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10F3025-B5D1-42F7-824C-469BC5BDEDF5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm591-2eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD806FD1-D7FC-4A1D-826F-B6C28112FED3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm591-arcnet-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21FB3060-A9C8-4A5C-A3B6-6CB03B366117\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm591-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FDA1B4A-AC9C-4D79-8F1E-F21F6C1973EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm591-eth-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4CA00FD-25C6-4BCC-8651-1442A96A1696\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm591-v14x:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20060D95-F9F7-4D7C-9547-23A8B1783842\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm592-eth:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCFB7CF2-1CDC-4674-8D4B-94056042BA6C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abb:pm595-4eth-f:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"137C1C80-4DF4-4297-92A3-7C902C55007A\"}]}]}],\"references\":[{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@ch.abb.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.