6.7
CVE-2021-22278
- EPSS 0.02%
- Veröffentlicht 28.10.2021 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:49:50
- Quelle cybersecurity@ch.abb.com
- CVE-Watchlists
- Unerledigt
LoginCertificate verification vulnerability in Update Manager of PCM600 Engineering Tool
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Abb ≫ Update Manager Version2.1
Abb ≫ Update Manager Version2.1.0.4
Abb ≫ Update Manager Version2.2
Abb ≫ Update Manager Version2.2.0.1
Abb ≫ Update Manager Version2.2.0.2
Abb ≫ Update Manager Version2.2.0.23
Abb ≫ Update Manager Version2.3.0.60
Abb ≫ Update Manager Version2.4.20041.1
Abb ≫ Update Manager Version2.4.20119.2
Abb ≫ Update Manager Version >= 2.7 <= 2.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.026 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| cybersecurity@ch.abb.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.