Lucene search

ABBCVELIST:CVE-2022-26080

HistoryMar 16, 2023 - 12:53 p.m.

CVE-2022-26080 Easily guessable session ID's in NE843 Pulsar Plus Controller

2023-03-1612:53:29

CWE-330

ABB

www.cve.org

cve-2022-26080

session id

ne843 pulsar plus controller

abb pulsar plus system controller

abb infinity dc power plant

insufficiently random values

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

0.001 Low

EPSS

Percentile

21.2%

JSON

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pulsar Plus System Controller NE843_S ",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "comcode 150042936"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Infinity DC Power Plant",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217