Vulnerabilities > CVE-2021-22272

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

abb

busch-jaeger

critical

NVD

Published: 2021-09-27

Updated: 2021-10-08

Summary

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch

Vulnerable Configurations

Part	Description	Count
Application	Abb ABB Mybuildings -	1
Application	Busch-Jaeger Busch Jaeger Mybusch Jaeger -	1

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch

Vulnerabilities > CVE-2021-22272 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-22272"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-22272