Easily guessable session ID's in NE843 Pulsar Plus Controller
CVE-2022-26080

6.3MEDIUM

Key Information:

Vendor: Abb
Status: Pulsar Plus System Controller Ne843 S; Infinity Dc Power Plant
Vendor: CVE Published:; 16 March 2023

What is CVE-2022-26080?

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

Affected Version(s)

Infinity DC Power Plant H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415

Pulsar Plus System Controller NE843_S comcode 150042936

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Feb 28, 2022

Credit

We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document.