CVE-2022-1596

Summary

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Affected Software

VendorProductVersion RangeStatus
ABBREX640 PCL1unspecified <= 1.0.7affected
ABBREX640 PCL2unspecified < 1.1.4affected
ABBREX640 PCL3unspecified < 1.2.1affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

Workarounds

Although these workarounds will not correct the underlying vulnerability, they can help blocking known attack vectors. • Limit the HTTP(s) and FTP(S) to a local network by a firewall • Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file • Disable remote WHMI and FTP(S) and use local HMI only

ADP Enrichment

CVE Program Container

Additional References

References