CVE-2022-1596
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | REX640 PCL1 | unspecified <= 1.0.7 | affected |
| ABB | REX640 PCL2 | unspecified < 1.1.4 | affected |
| ABB | REX640 PCL3 | unspecified < 1.2.1 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
Workarounds
Although these workarounds will not correct the underlying vulnerability, they can help blocking known attack vectors. • Limit the HTTP(s) and FTP(S) to a local network by a firewall • Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file • Disable remote WHMI and FTP(S) and use local HMI only
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.