{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3192", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2022-09-13T05:57:45.421Z", "datePublished": "2023-03-31T16:13:13.149Z", "dateUpdated": "2025-02-11T18:40:07.850Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://abb.com/plc", "defaultStatus": "unknown", "packageName": "PM5xx", "product": "AC500 V2", "vendor": "ABB", "versions": [{"lessThan": "2.8.6", "status": "affected", "version": "2.0.0", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks the following for working with us to help protect customers:  CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.<p>This issue affects AC500 V2: from 2.0.0 before 2.8.6.</p>"}], "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-09-13T03:57:46.530Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "EXTERNAL"}, "title": " Improper Check for Unusual or Exceptional Conditions", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. <br></div><div>This protocol/port is not affected by the DoS impact of the vulnerability.<br></div>"}], "value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.643Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T18:39:53.320995Z", "id": "CVE-2022-3192", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T18:40:07.850Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.643Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3192", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T18:39:53.320995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T18:39:29.971Z"}}], "cna": {"title": " Improper Check for Unusual or Exceptional Conditions", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks the following for working with us to help protect customers:  CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "AC500 V2", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.8.6", "versionType": "release"}], "packageName": "PM5xx", "collectionURL": "https://abb.com/plc", "defaultStatus": "unknown"}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch"}], "workarounds": [{"lang": "en", "value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. <br></div><div>This protocol/port is not affected by the DoS impact of the vulnerability.<br></div>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.<p>This issue affects AC500 V2: from 2.0.0 before 2.8.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-09-13T03:57:46.530Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3192", "state": "PUBLISHED", "dateUpdated": "2025-02-11T18:40:07.850Z", "dateReserved": "2022-09-13T05:57:45.421Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2023-03-31T16:13:13.149Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7406B7B-1572-41B5-AD56-7D2CEA6837DD", "versionEndExcluding": "2.8.6", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm5630-2eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C695046-6ECB-44A2-A9BB-7A1E7947F1DB", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm5650-2eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE080234-896D-4CD6-AE73-9B34A401AA48", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm5670-2eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B28B588-04F8-434E-80E5-BD3BEADA6D9B", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm5675-2eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE593469-15CB-4308-A508-1DA8DB7C0F34", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm571-eth-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "43FC52BE-B3AD-4E3D-A725-14F26DB68DA7", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm571-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEEFC52F-720F-48D4-B256-621B39B41FA7", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm572:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "244316B6-6BD3-464B-9633-E4F0548CB500", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E50EDB62-28E9-42DB-A6D5-8F08050FD882", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm581-eth-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD582C27-64FB-419B-9B90-6E4A9288CC14", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm581-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D25E659B-67B1-4C8C-8758-D451BFD1C0DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm582:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E3CA7E5-BE88-4F80-AB56-C0B3A3AC2AFA", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm582-arcnet:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "530D0396-3A6E-4ADD-99C2-711DD05E217D", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm582-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A066AACA-B962-4554-A540-3A9615C8587A", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm582-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3921759-E3A3-46CE-973B-F6F4979E4522", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BEC2866-83F4-4546-9B1D-395E0AA0B2F1", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm585-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05C4DE95-404E-43E2-BB39-763D4793ABB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm585-mc-kit:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B39C7B7E-07F5-4C4B-9B89-415608EB2E65", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm590-arcnet-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "13DC199A-73C6-48A0-8495-9ADA49CD04F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm590-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "29BAFCA6-1BE6-49F1-B553-9D2579319B2E", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm590-eth-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD186FAD-48F1-4021-A94A-8B36586D8942", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm590-mc-kit:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "251C578B-E061-4825-B558-AEC670C0BF87", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm590-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C10F3025-B5D1-42F7-824C-469BC5BDEDF5", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm591-2eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD806FD1-D7FC-4A1D-826F-B6C28112FED3", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm591-arcnet-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "21FB3060-A9C8-4A5C-A3B6-6CB03B366117", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm591-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0FDA1B4A-AC9C-4D79-8F1E-F21F6C1973EB", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm591-eth-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4CA00FD-25C6-4BCC-8651-1442A96A1696", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm591-v14x:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "20060D95-F9F7-4D7C-9547-23A8B1783842", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm592-eth:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCFB7CF2-1CDC-4674-8D4B-94056042BA6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:pm595-4eth-f:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "137C1C80-4DF4-4297-92A3-7C902C55007A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulaci\u00f3n del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la veris\u00f3n 2.0.0 a la 2.8.6."}], "id": "CVE-2022-3192", "lastModified": "2024-11-21T07:19:00.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-31T17:15:06.427", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}