ABB Relion REX640 Insufficient file access control
CVE-2022-1596

6.5MEDIUM

Key Information:

Vendor: Abb
Status: Rex640 Pcl1; Rex640 Pcl2; Rex640 Pcl3
Vendor: CVE Published:; 21 June 2022

What is CVE-2022-1596?

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

Affected Version(s)

REX640 PCL1 <= 1.0.7

REX640 PCL2 < 1.1.4

REX640 PCL3 < 1.2.1

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2022
Vulnerability Reserved
May 5, 2022

Credit

ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.