CVE-2021-22284

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 35.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB OPC Server FOR AC 800m ABB Compact Product Suite - Control AND I/O OPC Server FOR AC 800m

Timeline

PublishedFeb 4

Latest updateFeb 10

Description

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5abb/compact_product_suite_-_control_and_i/o_opc_server_for_ac_800munspecified — 5.1.0-x+2

▶NVDabb/opc5.1.0-0 — 6.0.0-4

🔴Vulnerability Details

GHSA

GHSA-xpp9-6v93-3xvq: Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node↗2022-02-10

▶

CVEList

SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability↗2022-02-04

▶