CVE-2022-0947 : A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attack

A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration.

Published 2022-05-10 19:15:09

Updated 2022-05-18 14:27:31

Source Asea Brown Boveri Ltd. (ABB)

View at NVD, CVE.org

Products affected by CVE-2022-0947

ABB » Arg600a1220na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a1220na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a1220na » Version: N/A
ABB » Arg600a1230na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a1230na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a1230na » Version: N/A
ABB » Arg600a1240na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a1240na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a1240na » Version: N/A
ABB » Arg600a1260na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a1260na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a1260na » Version: N/A
ABB » Arg600a2622na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a2622na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a2622na » Version: N/A
ABB » Arg600a2625na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arg600a2625na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arg600a2625na » Version: N/A
ABB » Arp600a2200na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2200na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2200na » Version: N/A
ABB » Arp600a2220na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2220na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2220na » Version: N/A
ABB » Arp600a2250na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2250na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2250na » Version: N/A
ABB » Arp600a2260na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2260na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2260na » Version: N/A
ABB » Arp600a2651na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2651na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2651na » Version: N/A
ABB » Arp600a2560na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arp600a2560na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arp600a2560na » Version: N/A
ABB » Arr600a3201na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3201na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3201na » Version: N/A
ABB » Arr600a3202na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3202na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3202na » Version: N/A
ABB » Arr600a3221na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3221na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3221na » Version: N/A
ABB » Arr600a3222na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3222na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3222na » Version: N/A
ABB » Arr600a3251na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3251na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3251na » Version: N/A
ABB » Arr600a3252na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3252na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3252na » Version: N/A
ABB » Arr600a3261na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3261na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3261na » Version: N/A
ABB » Arr600a3262na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arr600a3262na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arr600a3262na » Version: N/A
ABB » Arc600a2325na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arc600a2325na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arc600a2325na » Version: N/A
ABB » Arc600a2323na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arc600a2323na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arc600a2323na » Version: N/A
ABB » Arc600a2324na Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:arc600a2324na_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Arc600a2324na » Version: N/A
ABB » Viola Systems Arctic Firmware
Versions from including (>=) 2.4.0 and up to, including, (<=) 3.4.10
cpe:2.3:o:abb:viola_systems_arctic_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ABB » Viola Systems Arctic » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-0947

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-0947

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H	2.3	6.0	Asea Brown Boveri Ltd. (ABB)
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-0947

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Assigned by:
- cybersecurity@ch.abb.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-0947

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001253&LanguageCode=en&DocumentPartId=&Action=Launch

Mitigation;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-0947

Products affected by CVE-2022-0947

Exploit prediction scoring system (EPSS) score for CVE-2022-0947

CVSS scores for CVE-2022-0947

CWE ids for CVE-2022-0947

References for CVE-2022-0947