6.7

CVE-2021-22278

Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AbbUpdate Manager Version2.1
AbbUpdate Manager Version2.1.0.4
AbbUpdate Manager Version2.2
AbbUpdate Manager Version2.2.0.1
AbbUpdate Manager Version2.2.0.2
AbbUpdate Manager Version2.2.0.23
AbbUpdate Manager Version2.3.0.60
AbbUpdate Manager Version2.4.20041.1
AbbUpdate Manager Version2.4.20119.2
AbbUpdate Manager Version >= 2.7 <= 2.10
   HitachienergyPcm600 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.025
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
cybersecurity@ch.abb.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor Advisory