Details of VAR-202211-1392

ID

VAR-202211-1392

CVE

CVE-2022-3388

TITLE

ABB MicroSCADA Pro SYS600 Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86331

DESCRIPTION

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. An attacker could exploit this vulnerability to execute code remotely

Trust: 1.44

sources: NVD: CVE-2022-3388 // CNVD: CNVD-2022-86331

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-86331

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.3	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.2	Trust: 1.0
vendor:	hitachienergy	model:	microscada pro sys600	scope:	eq	version:	9.0	Trust: 1.0
vendor:	hitachienergy	model:	microscada pro sys600	scope:	eq	version:	9.4	Trust: 1.0
vendor:	hitachienergy	model:	microscada pro sys600	scope:	eq	version:	9.3	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	hitachienergy	model:	microscada pro sys600	scope:	eq	version:	9.1	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.1	Trust: 1.0
vendor:	hitachienergy	model:	microscada x sys600	scope:	eq	version:	10.4	Trust: 1.0
vendor:	hitachienergy	model:	microscada pro sys600	scope:	eq	version:	9.2	Trust: 1.0
vendor:	abb	model:	microscada pro sys600	scope:	eq	version:	9.4	Trust: 0.6
vendor:	abb	model:	microscada pro sys600 9.4:fixpack 1	scope:	-	version:	-	Trust: 0.6
vendor:	abb	model:	microscada pro sys600 9.4:fixpack 2	scope:	-	version:	-	Trust: 0.6
vendor:	abb	model:	microscada pro sys600	scope:	lte	version:	<=9.3	Trust: 0.6
vendor:	abb	model:	microscada pro sys600	scope:	gte	version:	10.0,<=10.4	Trust: 0.6

sources: CNVD: CNVD-2022-86331 // NVD: CVE-2022-3388

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-3388
value:	HIGH
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2022-3388
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-86331
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202211-3240
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-86331
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-3388
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2022-3388
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388 // NVD: CVE-2022-3388

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2022-3388

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3240

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3240

PATCH

title:	Patch for ABB MicroSCADA Pro SYS600 Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/367091	Trust: 0.6
title:	ABB MicroSCADA Pro SYS600 Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215569	Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240

EXTERNAL IDS

db:	NVD	id:	CVE-2022-3388	Trust: 2.2
db:	CNVD	id:	CNVD-2022-86331	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3240	Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=8dbd000123&languagecode=en&documentpartid=&action=launch&elqaid=4293&elqat=1	Trust: 2.2
url:	https://cxsecurity.com/cveshow/cve-2022-3388/	Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388

SOURCES

db:	CNVD	id:	CNVD-2022-86331
db:	CNNVD	id:	CNNVD-202211-3240
db:	NVD	id:	CVE-2022-3388

LAST UPDATE DATE

2024-08-14T15:16:21.725000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-86331	date:	2022-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202211-3240	date:	2022-11-29T00:00:00
db:	NVD	id:	CVE-2022-3388	date:	2023-10-19T05:15:58.283

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-86331	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3240	date:	2022-11-21T00:00:00
db:	NVD	id:	CVE-2022-3388	date:	2022-11-21T19:15:13.353