CVE-2022-3192

Summary

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.

Affected Software

VendorProductVersion RangeStatus
ABBAC500 V22.0.0 < 2.8.6affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

Workarounds

Use the communication protocol "Tcp/Ip" instead of "ABB Tcp/Ip Level 2" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC.

This protocol/port is not affected by the DoS impact of the vulnerability.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References