CVE-2022-34836 MEDIUM

CVE-2022-34836: ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control

Vendor Abb

Product ABB Zenon

Weakness CWE-23

Published August 24, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.

Key dates

02Disclosure timeline

August 24, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-34836

Related vulnerabilities

CVE-2022-34836: ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control

01Description

02Disclosure timeline

03References

04Related CVE