CVE-2022-0010 - OpenCVE

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Platform Engineering Tools Qcs 800xa Qcs 800xa Firmware Qcs Ac450 Qcs Ac450 Firmware

Configuration 1 [-]

cpe:2.3:a:abb:platform_engineering_tools:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:abb:qcs_800xa:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:abb:qcs_800xa_firmware::::::::
	cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2::::::

Configuration 3 [-]

AND

cpe:2.3:h:abb:qcs_ac450:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:abb:qcs_ac450_firmware::::::::
	cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2::::::

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-05-22T07:22:51.662Z

Updated: 2024-08-02T23:18:41.542Z

Reserved: 2021-12-13T11:17:36.576Z

Link: CVE-2022-0010

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T08:15:08.920

Modified: 2023-06-01T15:20:31.870

Link: CVE-2022-0010

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0010", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2021-12-13T11:17:36.576Z", "datePublished": "2023-05-22T07:22:51.662Z", "dateUpdated": "2024-08-02T23:18:41.542Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QCS 800xA", "vendor": "ABB", "versions": [{"lessThanOrEqual": "6.1SP2", "status": "affected", "version": "1.0;0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "QCS AC450", "vendor": "ABB", "versions": [{"lessThanOrEqual": "5.1SP2", "status": "affected", "version": "1.0;0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Platform Engineering Tools", "vendor": "ABB", "versions": [{"lessThanOrEqual": "2.3.0", "status": "affected", "version": "1.0:0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. </span>\n\n<p>This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.</p>"}], "value": "Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.\n\n\nAn attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. \n\nThis issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-05-22T07:22:51.662Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228"}], "source": {"discovery": "UNKNOWN"}, "title": "QCS 800xA Vulnerability identified in system log files", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.542Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:platform_engineering_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0469275-C1B5-45EE-B4A9-DE1F500E04C6", "versionEndIncluding": "2.3.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:qcs_800xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "44BDFBF8-88D6-45D9-965F-85CFD002F316", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:qcs_800xa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F25CD2B4-140C-49C4-BEBD-9021CAD12FE9", "versionEndIncluding": "5.1.0", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "32217B3E-F886-48A1-8987-A92DA4E54A9A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:qcs_ac450:-:*:*:*:*:*:*:*", "matchCriteriaId": "79CCB4FA-2651-4E96-925F-772E3EAFA593", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:qcs_ac450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24106F4D-2DF1-417E-9FF1-DD212E1F6F27", "versionEndIncluding": "6.1.0", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "03FA9720-A525-4F4B-9486-C346C258B4DE", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.\n\n\nAn attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. \n\nThis issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.\n\n"}], "id": "CVE-2022-0010", "lastModified": "2023-06-01T15:20:31.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2023-05-22T08:15:08.920", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}