admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-09xx/CVE-2022-0902.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

299 lines
8.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-0902",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2022-07-21T16:15:08.610",
"lastModified": "2022-07-28T18:56:05.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node."
},
{
"lang": "es",
"value": "Una Limitaci\u00f3n Inapropiada de un Nombre de Ruta a un Directorio Restringido (\"Salto de Ruta\"), una Neutralizaci\u00f3n Inadecuada de Elementos Especiales Usados en un Comando (\"Inyecci\u00f3n de Comandos\") vulnerabilidad en los productos de ordenador de flujo y controlador remoto de ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) permite a un atacante que explota con \u00e9xito esta vulnerabilidad pueda insertar y ejecutar c\u00f3digo arbitrario en un nodo del sistema afectado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:rmc-100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2105457-037",
"matchCriteriaId": "CA243091-CEE0-44E7-AFA6-F4C9D340A1DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:rmc-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15A6DBE0-3674-4E21-A8FD-E6596B675269"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:rmc-100-lite_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2106229-011",
"matchCriteriaId": "C2B83556-9ED0-4485-926E-ADBDD8E26D88"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:rmc-100-lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582A346B-3E06-4E78-B0D5-9367AB7A67D6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:xio_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2106198-008",
"matchCriteriaId": "4F09812E-71E7-4D66-8F00-6E2E5A2595F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:xio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17226DD8-9346-492E-B1B7-69088B264D3E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:xfcg5_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2105805-016",
"matchCriteriaId": "45EFC140-3365-43A3-B412-001298DC0BAC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:xfcg5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C52898CC-B612-47E1-B742-5694112CF803"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:xrcg5_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2105864-016",
"matchCriteriaId": "96218B5B-79E5-40D5-ACBA-718EFCF1141F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:xrcg5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93E581C-470A-453B-96B9-8294A9D35895"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:uflog5_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2105298-024",
"matchCriteriaId": "1F597B0D-31CD-4F37-8396-128C82D2BF17"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:uflog5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37E0FC3A-0436-4E3C-95B0-5BA2BDF29887"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:udc_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2106177-007",
"matchCriteriaId": "3FA49A84-213C-46FC-AD17-CB7EAD6BD90C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:udc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC9B8EF-6F59-41DD-8359-2E2A0F8E1903"
}
]
}
]
}
],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga",
"source": "cybersecurity@ch.abb.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink