CVE-2022-1596 Vulnerability Details

  /     /     /  

CVE-2022-1596 Metadata Quick Info

CVE Published: 21/06/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: ABB | Vendor: ABB | Product: REX640 PCL1
Status : PUBLISHED

CVE-2022-1596 Description

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: CWE-732 Incorrect Permission Assignment for Critical Resource
Source: ABB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: