Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1596

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Published

2022-06-21T15:15:08.247

Last Modified

2024-11-21T06:41:02.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-732
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	abb	rex640_pcl1_firmware	≤ 1.0.7	Yes
Hardware	abb	rex640_pcl1	-	No
Operating System	abb	rex640_pcl2_firmware	< 1.1.4	Yes
Hardware	abb	rex640_pcl2	-	No
Operating System	abb	rex640_pcl3_firmware	< 1.2.1	Yes
Hardware	abb	rex640_pcl3	-	No

References

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 Mitigation, Vendor Advisory ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)