ID

VAR-202211-1392


CVE

CVE-2022-3388


TITLE

ABB MicroSCADA Pro SYS600 Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86331

DESCRIPTION

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can achieve administrator-level remote code execution irrespective of that user's role. ABB MicroSCADA Pro SYS600 is a monitoring and data acquisition software suite from ABB of Switzerland. It is mainly used for substation automation, electrical SCADA, power distribution management applications, and industrial power management. An attacker could exploit this vulnerability to execute code remotely.

Trust: 1.44

sources: NVD: CVE-2022-3388 // CNVD: CNVD-2022-86331

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86331

AFFECTED PRODUCTS

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.3

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.2.1

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.1.1

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.2

Trust: 1.0

vendor: hitachienergy
model: microscada pro sys600
scope: eq
version: 9.0

Trust: 1.0

vendor: hitachienergy
model: microscada pro sys600
scope: eq
version: 9.4

Trust: 1.0

vendor: hitachienergy
model: microscada pro sys600
scope: eq
version: 9.3

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.3.1

Trust: 1.0

vendor: hitachienergy
model: microscada pro sys600
scope: eq
version: 9.1

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.1

Trust: 1.0

vendor: hitachienergy
model: microscada x sys600
scope: eq
version: 10.4

Trust: 1.0

vendor: hitachienergy
model: microscada pro sys600
scope: eq
version: 9.2

Trust: 1.0

vendor: abb
model: microscada pro sys600
scope: eq
version: 9.4

Trust: 0.6

vendor: abb
model: microscada pro sys600 9.4:fixpack 1
scope: -
version: -

Trust: 0.6

vendor: abb
model: microscada pro sys600 9.4:fixpack 2
scope: -
version: -

Trust: 0.6

vendor: abb
model: microscada pro sys600
scope: lte
version: <=9.3

Trust: 0.6

vendor: abb
model: microscada pro sys600
scope: gte
version: 10.0,<=10.4

Trust: 0.6

sources: CNVD: CNVD-2022-86331 // NVD: CVE-2022-3388

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-3388
value: HIGH

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2022-3388
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-86331
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3240
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2022-86331
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-3388
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2022-3388
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388 // NVD: CVE-2022-3388

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

sources: NVD: CVE-2022-3388

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3240

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3240

PATCH

title: Patch for ABB MicroSCADA Pro SYS600 Code Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/367091

Trust: 0.6

title: Fix for the ABB MicroSCADA Pro SYS600 input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=215569

Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240

EXTERNAL IDS

db: NVD
id: CVE-2022-3388

Trust: 2.2

db: CNVD
id: CNVD-2022-86331

Trust: 0.6

db: CNNVD
id: CNNVD-202211-3240

Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388

REFERENCES

url: https://search.abb.com/library/download.aspx?documentid=8dbd000123&languagecode=en&documentpartid=&action=launch&elqaid=4293&elqat=1

Trust: 2.2

url: https://cxsecurity.com/cveshow/cve-2022-3388/

Trust: 0.6

sources: CNVD: CNVD-2022-86331 // CNNVD: CNNVD-202211-3240 // NVD: CVE-2022-3388

SOURCES

db: CNVD
id: CNVD-2022-86331

db: CNNVD
id: CNNVD-202211-3240

db: NVD
id: CVE-2022-3388

LAST UPDATE DATE

2024-08-14T15:16:21.725000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2022-86331
date: 2022-12-09T00:00:00

db: CNNVD
id: CNNVD-202211-3240
date: 2022-11-29T00:00:00

db: NVD
id: CVE-2022-3388
date: 2023-10-19T05:15:58.283

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2022-86331
date: 2022-12-07T00:00:00

db: CNNVD
id: CNNVD-202211-3240
date: 2022-11-21T00:00:00

db: NVD
id: CVE-2022-3388
date: 2022-11-21T19:15:13.353