IronMonkey Threat Research

CVE-2021-22278 MEDIUM

Published: 2021-10-28 | Last Modified: 2024-11-21 | Status: Modified

Description

A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer that has PCM600 installed.

Additional Descriptions (1)

A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on the computer that has PCM600 installed.

CVSS Metrics

Base Score: 6.7 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 5.9

Base Score: 4.6 (MEDIUM)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary en: CWE-295
[email protected] Primary en: CWE-295

Affected Products

Vendor Product Version Update Type
abb update_manager 2.1 * Application
abb update_manager 2.1.0.4 * Application
abb update_manager 2.2 * Application
abb update_manager 2.2.0.1 * Application
abb update_manager 2.2.0.2 * Application
abb update_manager 2.2.0.23 * Application
abb update_manager 2.3.0.60 * Application
abb update_manager 2.4.20041.1 * Application
abb update_manager 2.4.20119.2 * Application
abb update_manager * * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:abb:update_manager:2.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.1.0.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.2.0.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.2.0.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.2.0.23:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.3.0.60:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.4.20041.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:abb:update_manager:2.4.20119.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:abb:update_manager:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:pcm600:-:*:*:*:*:*:*:*