Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-0010

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

Published

2023-05-22T08:15:08.920

Last Modified

2024-11-21T06:37:48.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-532
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	abb	platform_engineering_tools	≤ 2.3.0	Yes
Operating System	abb	qcs_800xa_firmware	≤ 5.1.0	Yes
Operating System	abb	qcs_800xa_firmware	5.1.0	Yes
Hardware	abb	qcs_800xa	-	No
Operating System	abb	qcs_ac450_firmware	≤ 6.1.0	Yes
Operating System	abb	qcs_ac450_firmware	6.1.0	Yes
Hardware	abb	qcs_ac450	-	No

References

https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228 Vendor Advisory ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)