CVE-2022-34836: ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
First published: Wed Aug 24 2022(Updated: )
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ABB Zenon | <=8.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-34836?
CVE-2022-34836 is a Relative Path Traversal vulnerability in ABB Zenon 8.20 that allows an attacker to access files on the Zenon system and add log messages.
How severe is CVE-2022-34836?
CVE-2022-34836 has a severity rating of 8.2, which is considered high.
What software versions are affected by CVE-2022-34836?
ABB Zenon 8.20 is affected by CVE-2022-34836.
How does CVE-2022-34836 work?
CVE-2022-34836 allows an attacker to perform a relative path traversal and access files on the Zenon system, as well as add log messages.
Is there a fix for CVE-2022-34836?
ABB has released a patch to address the vulnerability. It is recommended to update to the latest version of ABB Zenon to mitigate the risk.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/abb
- canonical/abb zenon
- version/abb zenon/8.20