Details of VAR-202208-1737

ID

VAR-202208-1737

CVE

CVE-2022-34838

TITLE

ABB of zenon Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015776

DESCRIPTION

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. ABB of zenon There are vulnerabilities in inadequate protection of credentials.Information may be obtained and information may be tampered with. ABB Zenon is a secure operational data management platform from ABB Switzerland. Easily connect machines, infrastructure and production assets. There are security vulnerabilities in ABB Zenon 8.20 and earlier versions

Trust: 1.8

sources: NVD: CVE-2022-34838 // JVNDB: JVNDB-2022-015776 // VULHUB: VHN-427956 // VULMON: CVE-2022-34838

AFFECTED PRODUCTS

vendor:	abb	model:	zenon	scope:	lte	version:	8.20	Trust: 1.0
vendor:	abb	model:	zenon	scope:	eq	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	lte	version:	8.20 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-015776 // NVD: CVE-2022-34838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34838
value:	HIGH
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34838
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-34838
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-3823
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34838
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.0
impactScore:	5.8
version:	3.1
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34838
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.4
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34838
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015776 // CNNVD: CNNVD-202208-3823 // NVD: CVE-2022-34838 // NVD: CVE-2022-34838

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-257	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-427956 // JVNDB: JVNDB-2022-015776 // NVD: CVE-2022-34838

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-3823

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-3823

PATCH

title:

ABB Zenon Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206165

Trust: 0.6

sources: CNNVD: CNNVD-202208-3823

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34838	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-015776	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3823	Trust: 0.7
db:	VULHUB	id:	VHN-427956	Trust: 0.1
db:	VULMON	id:	CVE-2022-34838	Trust: 0.1

sources: VULHUB: VHN-427956 // VULMON: CVE-2022-34838 // JVNDB: JVNDB-2022-015776 // CNNVD: CNNVD-202208-3823 // NVD: CVE-2022-34838

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34838	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34838/	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-427956 // VULMON: CVE-2022-34838 // JVNDB: JVNDB-2022-015776 // CNNVD: CNNVD-202208-3823 // NVD: CVE-2022-34838

SOURCES

db:	VULHUB	id:	VHN-427956
db:	VULMON	id:	CVE-2022-34838
db:	JVNDB	id:	JVNDB-2022-015776
db:	CNNVD	id:	CNNVD-202208-3823
db:	NVD	id:	CVE-2022-34838

LAST UPDATE DATE

2024-08-14T14:49:39.572000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-427956	date:	2022-08-30T00:00:00
db:	VULMON	id:	CVE-2022-34838	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015776	date:	2023-09-28T08:09:00
db:	CNNVD	id:	CNNVD-202208-3823	date:	2022-08-31T00:00:00
db:	NVD	id:	CVE-2022-34838	date:	2022-08-30T19:51:55.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-427956	date:	2022-08-24T00:00:00
db:	VULMON	id:	CVE-2022-34838	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015776	date:	2023-09-28T00:00:00
db:	CNNVD	id:	CNNVD-202208-3823	date:	2022-08-24T00:00:00
db:	NVD	id:	CVE-2022-34838	date:	2022-08-24T16:15:12.323