CVE-2022-26080 - OpenCVE

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Abb	H5692448 G104 Ne843 S Firmware H5692448 G451c\(2\) H5692448 G630-4 H5692448 G842 H5692448 G630-4 Firmware H5692448 G461\(2\) Ne843 S H5692448 G451c\(2\) Firmware H5692448 G104 Firmware H5692448 G842 Firmware H5692448 G224l Firmware H5692448 G224l H5692448 G461\(2\) Firmware

Configuration 1 [-]

AND

cpe:2.3:h:abb:h5692448_g104:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g104_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:abb:h5692448_g842:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g842_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:abb:h5692448_g224l:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g224l_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:abb:h5692448_g630-4:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g630-4_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:abb:h5692448_g451c\(2\):-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g451c\(2\)_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:abb:h5692448_g461\(2\):-:*:*:*:*:*:*:*

cpe:2.3:o:abb:h5692448_g461\(2\)_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:abb:ne843_s:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:ne843_s_firmware:-:*:*:*:*:*:*:*

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2023-03-16T12:53:29.530Z

Updated: 2023-03-16T12:53:29.530Z

Reserved: 2022-02-28T10:03:33.399Z

Link: CVE-2022-26080

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-16T13:15:08.863

Modified: 2023-11-07T03:44:55.370

Link: CVE-2022-26080

JSON object: View

Redhat Information

No data.

CWE

CWE-330

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-26080", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2022-02-28T10:03:33.399Z", "datePublished": "2023-03-16T12:53:29.530Z", "dateUpdated": "2023-03-16T12:53:29.530Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Pulsar Plus System Controller NE843_S ", "vendor": "ABB", "versions": [{"status": "affected", "version": "comcode 150042936"}]}, {"defaultStatus": "unaffected", "product": "Infinity DC Power Plant", "vendor": "ABB", "versions": [{"status": "affected", "version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "We acknowledge the help of Vlad Ionescu of Facebook Red Team X for reports on the vulnerabilities described in this document."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.<p>This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.</p>"}], "value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-03-16T12:53:29.530Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"}], "source": {"discovery": "UNKNOWN"}, "title": "Easily guessable session ID's in NE843 Pulsar Plus Controller", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g104:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EF5497C-0510-414A-B96B-24906B3F35AA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g104_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F74600-CFD5-4DBC-A29A-EE5A6B002517", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g842:-:*:*:*:*:*:*:*", "matchCriteriaId": "560166BE-B924-4232-B955-2CE861C4270D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g842_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D31272C5-13D7-43B5-AF45-4FE6307E234E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g224l:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C5529A7-CA5E-4F4F-A623-F2131C09C8C1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g224l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "78F66A6E-B51B-4D10-AEF9-65A80DAA1093", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g630-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E743E2A0-0762-4BB7-92B5-2C3A552B4886", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g630-4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AE1CD2D-8EA5-4BF7-AA2A-1668ABFF8BC7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g451c\\(2\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "14D47479-1D2C-4490-A3F1-53ADEB30D3A0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g451c\\(2\\)_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0244B1ED-0B75-442C-B556-FA732FAF6105", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:h5692448_g461\\(2\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "057DB785-DFF7-4182-A517-8F870522B674", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:h5692448_g461\\(2\\)_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C77E5221-4728-49AA-8162-D4C633324B67", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:abb:ne843_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "19231E30-C773-4C77-B268-ED752A3EFF06", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:abb:ne843_s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "10227ED3-F013-4607-BBCB-3DD8FCD64704", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.\n\n"}], "id": "CVE-2022-26080", "lastModified": "2023-11-07T03:44:55.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2023-03-16T13:15:08.863", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-330"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}