Details of VAR-202208-1736

ID

VAR-202208-1736

CVE

CVE-2022-34836

TITLE

ABB of zenon Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015778

DESCRIPTION

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. ABB of zenon Exists in a past traversal vulnerability.Information may be obtained and information may be tampered with. ABB Zenon is a secure operational data management platform from ABB Switzerland. Easily connect machines, infrastructure and production assets. There are security vulnerabilities in ABB Zenon 8.20 and earlier versions

Trust: 1.8

sources: NVD: CVE-2022-34836 // JVNDB: JVNDB-2022-015778 // VULHUB: VHN-427958 // VULMON: CVE-2022-34836

AFFECTED PRODUCTS

vendor:	abb	model:	zenon	scope:	lte	version:	8.20	Trust: 1.0
vendor:	abb	model:	zenon	scope:	eq	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	lte	version:	8.20 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-015778 // NVD: CVE-2022-34836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34836
value:	HIGH
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34836
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34836
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-3825
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34836
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34836
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34836
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015778 // CNNVD: CNNVD-202208-3825 // NVD: CVE-2022-34836 // NVD: CVE-2022-34836

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-23	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-427958 // JVNDB: JVNDB-2022-015778 // NVD: CVE-2022-34836

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3825

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202208-3825

PATCH

title:

ABB Zenon Repair measures for path traversal vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206247

Trust: 0.6

sources: CNNVD: CNNVD-202208-3825

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34836	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-015778	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3825	Trust: 0.7
db:	VULHUB	id:	VHN-427958	Trust: 0.1
db:	VULMON	id:	CVE-2022-34836	Trust: 0.1

sources: VULHUB: VHN-427958 // VULMON: CVE-2022-34836 // JVNDB: JVNDB-2022-015778 // CNNVD: CNNVD-202208-3825 // NVD: CVE-2022-34836

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34836	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34836/	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-427958 // VULMON: CVE-2022-34836 // JVNDB: JVNDB-2022-015778 // CNNVD: CNNVD-202208-3825 // NVD: CVE-2022-34836

SOURCES

db:	VULHUB	id:	VHN-427958
db:	VULMON	id:	CVE-2022-34836
db:	JVNDB	id:	JVNDB-2022-015778
db:	CNNVD	id:	CNNVD-202208-3825
db:	NVD	id:	CVE-2022-34836

LAST UPDATE DATE

2024-08-14T14:31:00.963000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-427958	date:	2022-08-31T00:00:00
db:	VULMON	id:	CVE-2022-34836	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015778	date:	2023-09-28T08:09:00
db:	CNNVD	id:	CNNVD-202208-3825	date:	2022-09-01T00:00:00
db:	NVD	id:	CVE-2022-34836	date:	2022-08-31T14:57:17.767

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-427958	date:	2022-08-24T00:00:00
db:	VULMON	id:	CVE-2022-34836	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015778	date:	2023-09-28T00:00:00
db:	CNNVD	id:	CNNVD-202208-3825	date:	2022-08-24T00:00:00
db:	NVD	id:	CVE-2022-34836	date:	2022-08-24T16:15:12.087