Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ABB Zenon by ABB

    CVE-2022-34838 (GCVE-0-2022-34838)

    Vulnerability from nvd – Published: 2022-08-24 15:15 – Updated: 2024-09-17 02:53
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user.
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:15:26.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34838",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-257 Storing Passwords in a Recoverable Format"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34838",
        "datePublished": "2022-08-24T15:15:26.256Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:31.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34837 (GCVE-0-2022-34837)

    Vulnerability from nvd – Published: 2022-08-24 15:14 – Updated: 2024-09-17 04:04
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon.
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:14:33.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34837",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-257 Storing Passwords in a Recoverable Format"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34837",
        "datePublished": "2022-08-24T15:14:33.829Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:24.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34836 (GCVE-0-2022-34836)

    Vulnerability from nvd – Published: 2022-08-24 15:15 – Updated: 2024-09-17 02:26
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:15:00.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34836",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23 Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34836",
        "datePublished": "2022-08-24T15:15:00.271Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:50.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34838 (GCVE-0-2022-34838)

    Vulnerability from cvelistv5 – Published: 2022-08-24 15:15 – Updated: 2024-09-17 02:53
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user.
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:15:26.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34838",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-257 Storing Passwords in a Recoverable Format"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34838",
        "datePublished": "2022-08-24T15:15:26.256Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:31.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34836 (GCVE-0-2022-34836)

    Vulnerability from cvelistv5 – Published: 2022-08-24 15:15 – Updated: 2024-09-17 02:26
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:15:00.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34836",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23 Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34836",
        "datePublished": "2022-08-24T15:15:00.271Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:50.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34837 (GCVE-0-2022-34837)

    Vulnerability from cvelistv5 – Published: 2022-08-24 15:14 – Updated: 2024-09-17 04:04
    VLAI
    Title
    ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
    Summary
    Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon.
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB ABB Zenon Affected: unspecified , ≤ 8.20 (custom)
    Create a notification for this product.
    Date Public
    2022-07-26 00:00
    Credits
    ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABB Zenon",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "8.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:14:33.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2022-07-26T07:54:00.000Z",
              "ID": "CVE-2022-34837",
              "STATE": "PUBLIC",
              "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABB Zenon",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-257 Storing Passwords in a Recoverable Format"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2022-34837",
        "datePublished": "2022-08-24T15:14:33.829Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:24.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }