CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.

🗓️ 12 Jan 2023 14:01:51Reported by Hitachi EnergyType

A vulnerability in Lumada APM's User Asset Group feature allows unauthorized access to Power BI reports and manipulation of asset issue comments by attacker

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-2155	12 Jan 202318:30	–	circl
CNNVD	Hitachi Energy Lumada APM 安全漏洞	12 Jan 202300:00	–	cnnvd
CVE	CVE-2022-2155	12 Jan 202314:01	–	cve
EUVD	EUVD-2022-34440	3 Oct 202520:07	–	euvd
ICS	Hitachi Energy Lumada APM	12 Jan 202300:00	–	ics
NVD	CVE-2022-2155	12 Jan 202315:15	–	nvd
OSV	CVE-2022-2155	12 Jan 202315:15	–	osv
Prion	Design/Logic Flaw	12 Jan 202315:15	–	prion
Positive Technologies	PT-2023-12668 · Hitachi · Lumada Apm	12 Jan 202300:00	–	ptsecurity
Vulnrichment	CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.	12 Jan 202314:01	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Lumada APM",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0.*"
      },
      {
        "status": "affected",
        "version": "6.1.0.*"
      },
      {
        "status": "affected",
        "version": "6.2.0.*"
      },
      {
        "status": "affected",
        "version": "6.3.0.*"
      },
      {
        "status": "affected",
        "version": "6.4.0.0"
      },
      {
        "status": "unaffected",
        "version": "6.4.0.1"
      },
      {
        "status": "unaffected",
        "version": "6.5.0.0"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

12 Jan 2023 14:01Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.15.7

EPSS0.00356

CWE-863