A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Metrics
CVSS Version: 3.1 |
Base Score: 6.3 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* LOW Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-502 CWE Name: CWE-502 Deserialization of Untrusted Data Source: ABB
Common Attack Pattern Enumeration and Classification (CAPEC)