CVE-2022-34836

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*

History

31 Aug 2022, 14:57

Type	Values Removed	Values Added
CPE		cpe:2.3:a:abb:zenon::::::::
CWE		CWE-22
References	~~(MISC) https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch -~~	(MISC) https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory
First Time		Abb zenon Abb
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2

24 Aug 2022, 16:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-24 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-34836

Mitre link : CVE-2022-34836

CVE.ORG link : CVE-2022-34836

JSON object : View

Products Affected

abb

zenon

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal

{"id": "CVE-2022-34836", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2022-08-24T16:15:12.087", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc."}, {"lang": "es", "value": "Una vulnerabilidad de Salto de Ruta Relativo en ABB Zenon versi\u00f3n 8.20, permite al usuario acceder a archivos en el sistema Zenon y el usuario tambi\u00e9n puede a\u00f1adir sus propios mensajes de registro y, por ejemplo, inundar las entradas de registro. Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda acceder a las actividades del tiempo de ejecuci\u00f3n de Zenon, como el inicio y la detenci\u00f3n de varias actividades y el \u00faltimo c\u00f3digo de error, etc."}], "lastModified": "2022-08-31T14:57:17.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77A9C22-F351-46D9-B777-5A16C48AF78F", "versionEndIncluding": "8.20"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}