CVE-2022-2513
Summary
| CVE | CVE-2022-2513 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-22 11:15:00 UTC |
| Updated | 2023-11-07 03:46:00 UTC |
| Description | A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. |
Risk And Classification
Problem Types: CWE-312
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Abb | Gms600 | - | All | All | All |
| Operating System | Abb | Gms600 Firmware | All | All | All | All |
| Hardware | Abb | Pcm600 | - | All | All | All |
| Operating System | Abb | Pcm600 Firmware | 2.6 | All | All | All |
| Hardware | Abb | Pwc600 | - | All | All | All |
| Operating System | Abb | Pwc600 Firmware | All | All | All | All |
| Hardware | Abb | Relion 650 | - | All | All | All |
| Operating System | Abb | Relion 650 Firmware | All | All | All | All |
| Hardware | Abb | Relion 670 | - | All | All | All |
| Operating System | Abb | Relion 670 Firmware | All | All | All | All |
| Hardware | Abb | Relion Sam600-io | - | All | All | All |
| Operating System | Abb | Relion Sam600-io Firmware | All | All | All | All |
| Application | Hitachienergy | 650connectivitypackage | 1.3.0 | All | All | All |
| Application | Hitachienergy | 650connectivitypackage | 2.1.2 | All | All | All |
| Application | Hitachienergy | 650connectivitypackage | 2.2.2 | All | All | All |
| Application | Hitachienergy | 650connectivitypackage | 2.3.0 | All | All | All |
| Application | Hitachienergy | 650connectivitypackage | 2.4.1 | All | All | All |
| Application | Hitachienergy | 670connectivitypackage | 3.0.2 | All | All | All |
| Application | Hitachienergy | 670connectivitypackage | 3.1.2 | All | All | All |
| Application | Hitachienergy | 670connectivitypackage | 3.2.6 | All | All | All |
| Application | Hitachienergy | 670connectivitypackage | 3.3.0 | All | All | All |
| Application | Hitachienergy | 670connectivitypackage | 3.4.1 | All | All | All |
| Application | Hitachienergy | Gms600connectivitypackage | 1.3.0 | All | All | All |
| Application | Hitachienergy | Gms600connectivitypackage | 1.3.1 | All | All | All |
| Application | Hitachienergy | Pcm600 | All | All | All | All |
| Application | Hitachienergy | Pwc600connectivitypackage | 1.1.0 | All | All | All |
| Application | Hitachienergy | Pwc600connectivitypackage | 1.1.1 | All | All | All |
| Application | Hitachienergy | Pwc600connectivitypackage | 1.1.2 | All | All | All |
| Application | Hitachienergy | Pwc600connectivitypackage | 1.2.0 | All | All | All |
| Application | Hitachienergy | Pwc600connectivitypackage | 1.3.0 | All | All | All |
| Application | Hitachienergy | Sam600ioconnectivitypackage | 1.0.0 | All | All | All |
| Application | Hitachienergy | Sam600ioconnectivitypackage | 1.1.0 | All | All | All |
| Application | Hitachienergy | Sam600ioconnectivitypackage | 1.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| search.abb.com/library/Download.aspx | MISC | search.abb.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591237 ABB PCM600 Cleartext Credentials Sensitive Information Disclosure Vulnerability (ICSA-22-333-02,ABBVREP0086)