CVE-2022-34837 - Vulnerability Details

Vendors	Products
Abb	Zenon

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "ABB Zenon", "vendor": "ABB", "versions": [{"lessThanOrEqual": "8.20", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"}], "datePublic": "2022-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-257", "description": "CWE-257 Storing Passwords in a Recoverable Format", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T15:14:33", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2022-07-26T07:54:00.000Z", "ID": "CVE-2022-34837", "STATE": "PUBLIC", "TITLE": "ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ABB Zenon", "version": {"version_data": [{"version_affected": "<=", "version_value": "8.20"}]}}]}, "vendor_name": "ABB"}]}}, "credit": [{"lang": "eng", "value": "ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-257 Storing Passwords in a Recoverable Format"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:22:10.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2022-34837", "datePublished": "2022-08-24T15:14:33.829175Z", "dateReserved": "2022-06-30T00:00:00", "dateUpdated": "2024-09-17T04:04:24.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : ABB Zenon (string)

vendor : ABB (string)

versions : [ »

0 : { »

lessThanOrEqual : 8.20 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers (string)

}

]

datePublic : 2022-07-26T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-257 (string)

description : CWE-257 Storing Passwords in a Recoverable Format (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-08-24T15:14:33 (string)

orgId : 2b718523-d88f-4f37-9bbd-300c20644bf9 (string)

shortName : ABB (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cybersecurity@ch.abb.com (string)

DATE_PUBLIC : 2022-07-26T07:54:00.000Z (string)

ID : CVE-2022-34837 (string)

STATE : PUBLIC (string)

TITLE : ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : ABB Zenon (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_value : 8.20 (string)

}

]

}

]

}

vendor_name : ABB (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-257 Storing Passwords in a Recoverable Format (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

refsource : MISC (string)

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

}

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T09:22:10.616Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 2b718523-d88f-4f37-9bbd-300c20644bf9 (string)

assignerShortName : ABB (string)

cveId : CVE-2022-34837 (string)

datePublished : 2022-08-24T15:14:33.829175Z (string)

dateReserved : 2022-06-30T00:00:00 (string)

dateUpdated : 2024-09-17T04:04:24.349Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*", "matchCriteriaId": "B77A9C22-F351-46D9-B777-5A16C48AF78F", "versionEndIncluding": "8.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon."}, {"lang": "es", "value": "Una vulnerabilidad de Almacenamiento de Contrase\u00f1as en un Formato Recuperable en ABB Zenon versi\u00f3n 8.20, permite que un atacante que explote con \u00e9xito la vulnerabilidad pueda a\u00f1adir m\u00e1s clientes de red que puedan monitorizar varias actividades del Zenon."}], "id": "CVE-2022-34837", "lastModified": "2024-11-21T07:10:17.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 4.7, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-24T16:15:12.250", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-257"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B77A9C22-F351-46D9-B777-5A16C48AF78F (string)

versionEndIncluding : 8.20 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de Almacenamiento de Contraseñas en un Formato Recuperable en ABB Zenon versión 8.20, permite que un atacante que explote con éxito la vulnerabilidad pueda añadir más clientes de red que puedan monitorizar varias actividades del Zenon. (string)

}

]

id : CVE-2022-34837 (string)

lastModified : 2024-11-21T07:10:17.323 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 1.4 (number)

impactScore : 4.7 (number)

source : cybersecurity@ch.abb.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 4.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-08-24T16:15:12.250 (string)

references : [ »

0 : { »

source : cybersecurity@ch.abb.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

sourceIdentifier : cybersecurity@ch.abb.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-257 (string)

}

]

source : cybersecurity@ch.abb.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-522 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object