Cyber Resilience

CVE-2022-26080

Medium

Published: 16 March 2023

Published
16 March 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
EPSS Score 0.0024 47.3th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-26080 is a medium-severity Use of Insufficiently Random Values (CWE-330) vulnerability in Abb H5692448 G104 Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, ranked at the 47.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) –…

more

comcode 150047415.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

abb
h5692448 g104 firmware
all versions
abb
h5692448 g842 firmware
all versions
abb
h5692448 g224l firmware
all versions
abb
h5692448 g630-4 firmware
all versions
abb
h5692448 g451c\(2\) firmware
all versions
abb
h5692448 g461\(2\) firmware
all versions
abb
ne843 s firmware
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-330

Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.

References