abb pcm600_firmware 敏感数据的明文存储

CVE编号

CVE-2022-2513

利用情况

暂无

补丁情况

N/A

披露时间

2022-11-22

漏洞描述

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000120&LanguageCo...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	abb	gms600_firmware	*	From (including) 1.3	Up to (including) 1.3.1
	运行在以下环境
	系统	abb	pcm600_firmware	2.6	-
	运行在以下环境
	系统	abb	pwc600_firmware	*	From (including) 1.1	Up to (including) 1.3
	运行在以下环境
	系统	abb	relion_650_firmware	*	From (including) 1.3	Up to (including) 2.4.1
	运行在以下环境
	系统	abb	relion_670_firmware	*	From (including) 3.0	Up to (including) 3.4.1
	运行在以下环境
	系统	abb	relion_sam600-io_firmware	*	From (including) 1.0	Up to (including) 1.2
	运行在以下环境
	硬件	abb	gms600	-	-
	运行在以下环境
	硬件	abb	pcm600	-	-
	运行在以下环境
	硬件	abb	pwc600	-	-
	运行在以下环境
	硬件	abb	relion_650	-	-
	运行在以下环境
	硬件	abb	relion_670	-	-
	运行在以下环境
	硬件	abb	relion_sam600-io	-	-

CVSS3评分 5.5

• 攻击路径 本地
• 攻击复杂度 低
• 权限要求 低
• 影响范围 未更改
• 用户交互 无
• 可用性 无
• 保密性 高
• 完整性 无

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-ID	漏洞类型
CWE-312	敏感数据的明文存储

Exp相关链接

- avd.aliyun.com