PT-2023-9780 · Abb · Abb Qcs Ac450+2

Published: 2023-05-22 · Updated: 2023-06-01 · CVE-2022-0010

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABB QCS 800xA versions 1.0;0 through 6.1SP2
ABB QCS AC450 versions 1.0;0 through 5.1SP2
ABB Platform Engineering Tools versions 1.0:0 through 2.3.0

Description

The issue is related to the insertion of sensitive information into log files in ABB QCS 800xA, ABB QCS AC450, and ABB Platform Engineering Tools. An attacker with local access to the QCS nodes could obtain the password for a system user account, potentially gaining control of system nodes.

Recommendations

For ABB QCS 800xA versions 1.0;0 through 6.1SP2, update to a version later than 6.1SP2 to resolve the issue.
For ABB QCS AC450 versions 1.0;0 through 5.1SP2, update to a version later than 5.1SP2 to resolve the issue.
For ABB Platform Engineering Tools versions 1.0:0 through 2.3.0, update to a version later than 2.3.0 to resolve the issue.
As a temporary workaround, consider restricting access to log files and system nodes to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2024-10616
CVE-2022-0010

Affected Products

Abb Platform Engineering Tools
Abb Qcs 800Xa
Abb Qcs Ac450