CVE-2022-1596

CWE-732 — Incorrect Permission Assignment5 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 55.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Rex640 Pcl2 ABB Rex640 Pcl3 ABB Rex640 Pcl2 Firmware +3 more

Timeline

PublishedJun 21

Latest updateJun 22

Description

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5abb/rex640_pcl2unspecified — 1.1.4

▶CVEListV5abb/rex640_pcl3unspecified — 1.2.1

▶NVDabb/rex640_pcl2_firmware< 1.1.4

▶NVDabb/rex640_pcl3_firmware< 1.2.1

▶CVEListV5abb/rex640_pcl1unspecified — 1.0.7

🔴Vulnerability Details

GHSA

GHSA-xcx4-g33r-wmfq: Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to l↗2022-06-22

▶

CVEList

ABB Relion REX640 Insufficient file access control↗2022-06-21

▶