6.7

CVE-2021-22278

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.

Data is provided by the National Vulnerability Database (NVD)
AbbUpdate Manager Version2.1
AbbUpdate Manager Version2.1.0.4
AbbUpdate Manager Version2.2
AbbUpdate Manager Version2.2.0.1
AbbUpdate Manager Version2.2.0.2
AbbUpdate Manager Version2.2.0.23
AbbUpdate Manager Version2.3.0.60
AbbUpdate Manager Version2.4.20041.1
AbbUpdate Manager Version2.4.20119.2
AbbUpdate Manager Version >= 2.7 <= 2.10
   HitachienergyPcm600 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.026
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
cybersecurity@ch.abb.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.