Detections
Analytics
ABB REX640 Incorrect Permission Assignment for Critical Resource (CVE-2022-1596)
medium Tenable OT Security Plugin ID 500661
Synopsis
The remote OT asset is affected by a vulnerability.Description
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.- Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. (CVE-2022-1596)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421
Plugin Details
Severity: Medium
ID: 500661
Version: 1.5
Type: remote
Family: Tenable.ot
Published: 6/29/2022
Updated: 10/19/2023
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2022-1596
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:abb:rex640_pcl1_firmware, cpe:/o:abb:rex640_pcl2_firmware, cpe:/o:abb:rex640_pcl3_firmware
Required KB Items: Tenable.ot/ABB
Exploit Ease: No known exploits are available
Patch Publication Date: 6/21/2022
Vulnerability Publication Date: 6/21/2022
Reference Information
CVE: CVE-2022-1596
CWE: 732