Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-2513 |
CWE-ID | CWE-312 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | PCM600 Update Manager (Other software / Other software solutions); 670 Connectivity Package (Other software / Other software solutions); 650 Connectivity Package (Other software / Other software solutions); SAM600-IO Connectivity Package (Other software / Other software solutions); GMS600 Connectivity Package (Other software / Other software solutions); PWC600 Connectivity Package (Other software / Other software solutions) |
Vendor | Hitachi Energy |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU69736
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2513
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists because user credentials are stored in plaintext in the database within the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function. A local attacker can obtain IED credentials.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
PCM600 Update Manager: 2.11
670 Connectivity Package: 3.0 - 3.4.1
650 Connectivity Package: 1.3 - 2.4.1
SAM600-IO Connectivity Package: 1.0 - 1.2
GMS600 Connectivity Package: 1.3 - 1.3.1
PWC600 Connectivity Package: 1.1 - 1.3
External links
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000120&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/uscert/ics/advisories/icsa-22-333-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.