CVE-2022-0010

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:abb:platform_engineering_tools:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:abb:qcs_800xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2:*:*:*:*:*:*
cpe:2.3:h:abb:qcs_800xa:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:abb:qcs_ac450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2:*:*:*:*:*:*
cpe:2.3:h:abb:qcs_ac450:-:*:*:*:*:*:*:*

History

01 Jun 2023, 15:20

Type Values Removed Values Added
References (MISC) https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228 - (MISC) https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228 - Vendor Advisory
CWE CWE-532
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:h:abb:qcs_800xa:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:qcs_ac450:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_ac450_firmware:6.1.0:sp2:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_ac450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_800xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:qcs_800xa_firmware:5.1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:abb:platform_engineering_tools:*:*:*:*:*:*:*:*

22 May 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-22 08:15

Updated : 2024-02-04 23:37


NVD link : CVE-2022-0010

Mitre link : CVE-2022-0010

CVE.ORG link : CVE-2022-0010


JSON object : View

Products Affected

abb

  • qcs_ac450_firmware
  • platform_engineering_tools
  • qcs_ac450
  • qcs_800xa
  • qcs_800xa_firmware
CWE
CWE-532

Insertion of Sensitive Information into Log File