Details of VAR-202208-1783

ID

VAR-202208-1783

CVE

CVE-2022-34837

TITLE

ABB of zenon Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015777

DESCRIPTION

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. ABB of zenon There are vulnerabilities in inadequate protection of credentials.Information may be obtained and information may be tampered with. ABB Zenon is a secure operational data management platform from ABB Switzerland. Easily connect machines, infrastructure and production assets. There is a security vulnerability in ABB Zenon 8.20 and earlier versions

Trust: 1.8

sources: NVD: CVE-2022-34837 // JVNDB: JVNDB-2022-015777 // VULHUB: VHN-427957 // VULMON: CVE-2022-34837

AFFECTED PRODUCTS

vendor:	abb	model:	zenon	scope:	lte	version:	8.20	Trust: 1.0
vendor:	abb	model:	zenon	scope:	eq	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	zenon	scope:	lte	version:	8.20 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-015777 // NVD: CVE-2022-34837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34837
value:	MEDIUM
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34837
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34837
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-3824
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34837
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	4.2
version:	3.1
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2022-34837
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.4
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34837
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015777 // CNNVD: CNNVD-202208-3824 // NVD: CVE-2022-34837 // NVD: CVE-2022-34837

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-257	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-427957 // JVNDB: JVNDB-2022-015777 // NVD: CVE-2022-34837

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-3824

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-3824

PATCH

title:

ABB Zenon Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206049

Trust: 0.6

sources: CNNVD: CNNVD-202208-3824

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34837	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-015777	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3824	Trust: 0.7
db:	VULHUB	id:	VHN-427957	Trust: 0.1
db:	VULMON	id:	CVE-2022-34837	Trust: 0.1

sources: VULHUB: VHN-427957 // VULMON: CVE-2022-34837 // JVNDB: JVNDB-2022-015777 // CNNVD: CNNVD-202208-3824 // NVD: CVE-2022-34837

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34837	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34837/	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=2nga001479&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-427957 // VULMON: CVE-2022-34837 // JVNDB: JVNDB-2022-015777 // CNNVD: CNNVD-202208-3824 // NVD: CVE-2022-34837

SOURCES

db:	VULHUB	id:	VHN-427957
db:	VULMON	id:	CVE-2022-34837
db:	JVNDB	id:	JVNDB-2022-015777
db:	CNNVD	id:	CNNVD-202208-3824
db:	NVD	id:	CVE-2022-34837

LAST UPDATE DATE

2024-08-14T14:24:36.597000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-427957	date:	2022-08-29T00:00:00
db:	VULMON	id:	CVE-2022-34837	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015777	date:	2023-09-28T08:09:00
db:	CNNVD	id:	CNNVD-202208-3824	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2022-34837	date:	2022-08-29T18:27:18.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-427957	date:	2022-08-24T00:00:00
db:	VULMON	id:	CVE-2022-34837	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-015777	date:	2023-09-28T00:00:00
db:	CNNVD	id:	CNNVD-202208-3824	date:	2022-08-24T00:00:00
db:	NVD	id:	CVE-2022-34837	date:	2022-08-24T16:15:12.250