CVE-2022-3192

Improper Check for Unusual or Exceptional Conditions

Description

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.

Remediation

Workaround:

  • Use the communication protocol "Tcp/Ip" instead of "ABB Tcp/Ip Level 2" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. This protocol/port is not affected by the DoS impact of the vulnerability.

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Vendor Advisory abb.com
Affected: ABB AC500 V2
Published at:
Updated at:

References

Link Tags
https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-3192?
CVE-2022-3192 has been scored as a medium severity vulnerability.
How to fix CVE-2022-3192?
As a workaround for remediating CVE-2022-3192: Use the communication protocol "Tcp/Ip" instead of "ABB Tcp/Ip Level 2" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. This protocol/port is not affected by the DoS impact of the vulnerability.
Is CVE-2022-3192 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-3192 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-3192?
CVE-2022-3192 affects ABB AC500 V2.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.