| ID |
CVE-2021-22272
|
| Summary |
The vulnerability originates in the commissioning process, where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed on the cloud side of the system. No firmware update is needed for customer products. Users who want to know whether they are affected should read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch. |
| References |
|
| CVSS |
| Base: | 9.0 |
| Impact: | 9.5 |
| Exploitability: | 8.6 |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK | MEDIUM | NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL | COMPLETE | COMPLETE |
|
| CVSS vector |
AV:N/AC:M/Au:N/C:P/I:C/A:C |
| Last major update |
08-10-2021 - 14:16 |
| Published |
27-09-2021 - 14:15 |