{"api_version":"1","generated_at":"2026-04-21T09:00:09+00:00","cve":"CVE-2022-34838","urls":{"html":"https://cve.report/CVE-2022-34838","api":"https://cve.report/api/cve/CVE-2022-34838.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-34838","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-34838"},"summary":{"title":"CVE-2022-34838","description":"Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user.","state":"PUBLIC","assigner":"cybersecurity@ch.abb.com","published_at":"2022-08-24 16:15:00","updated_at":"2022-08-30 19:51:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-34838","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34838","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"34838","vulnerable":"1","versionEndIncluding":"8.20","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"abb","cpe5":"zenon","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-34838","qid":"591038","title":"ABB Zenon Log Server file access control Multiple Vulnerabilities (ABBVREP0079)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@ch.abb.com","DATE_PUBLIC":"2022-07-26T07:54:00.000Z","ID":"CVE-2022-34838","STATE":"PUBLIC","TITLE":"ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ABB Zenon","version":{"version_data":[{"version_affected":"<=","version_value":"8.20"}]}}]},"vendor_name":"ABB"}]}},"credit":[{"lang":"eng","value":"ABB thanks Ruben Santamarta for helping to identify the vulnerabilities and protecting our customers"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-257 Storing Passwords in a Recoverable Format"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-08-24 16:15:00","lastModifiedDate":"2022-08-30 19:51:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.4,"baseSeverity":"HIGH"},"exploitabilityScore":2,"impactScore":5.8}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*","versionEndIncluding":"8.20","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}