PT-2022-6499 · Abb · Abb Rccmd

Published: 2022-11-23 · Updated: 2023-07-10 · CVE-2022-4126

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABB RCCMD versions prior to 4.40 230207

Description

The issue is related to the use of default passwords in the ABB RCCMD client-server application for managing uninterruptible power supplies. This could allow a remote attacker to execute arbitrary code or gain full control over the application by trying common or default usernames and passwords.

Recommendations

For versions prior to 4.40 230207, update to version 4.40 230207 or later to resolve the issue. As a temporary workaround, consider changing the default passwords to unique, strong passwords until a patch is applied. Restrict access to the application to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-01779
CVE-2022-4126

Affected Products

Abb Rccmd