CVE-2022-0010

MEDIUM | CVSS 5.5/10 | EPSS 0.23%

CVE-2022-0010 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0.0 through 6.1SP2; QCS AC450: from 1.0.0 through 5.1SP2; Platform Engineering Tools: from 1.0.0 through 2.3.0.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.23%

13.3th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions | Update
ABB | Platform Engineering Tools | >= 1.0.0, <= 2.3.0 |
ABB | QCS 800xA Firmware | >= 1.0.0, <= 5.1.0 |
ABB | QCS 800xA Firmware | 5.1.0 | SP2
ABB | QCS AC450 Firmware | >= 1.0.0, <= 6.1.0 |
ABB | QCS AC450 Firmware | 6.1.0 | SP2

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2022-0010?
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0.0 through 6.1SP2; QCS AC450: from 1.0.0 through 5.1SP2; Platform Engineering Tools: from 1.0.0 through 2.3.0.
How severe is CVE-2022-0010?
CVE-2022-0010 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.
How do I fix CVE-2022-0010?
Check the vendor references and advisories for patched versions and mitigation guidance.

Source: NVD / NIST