Lucene search

[email protected]NVD:CVE-2022-1607

HistoryFeb 24, 2023 - 5:15 a.m.

CVE-2022-1607

2023-02-2405:15:14

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-1607

cross-site request forgery

abb pulsar plus system controller

abb infinity dc power plant

comcode 150042936

comcode 150047415

h5692448 g104 g842 g224l g630-4 g451c(2) g461(2)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

Affected configurations

Nvd

Node

abbinfinity_dc_power_plantRange<5.0.0

abbne843_sRange<5.0.0

VendorProductVersionCPE
abbinfinity_dc_power_plant*cpe:2.3:a:abb:infinity_dc_power_plant:*:*:*:*:*:*:*:*
abbne843_s*cpe:2.3:a:abb:ne843_s:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	infinity_dc_power_plant	*	cpe:2.3:a:abb:infinity_dc_power_plant::::::::
abb	ne843_s	*	cpe:2.3:a:abb:ne843_s::::::::

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

Related for NVD:CVE-2022-1607

cve1 prion1 cvelist1 ics1