CVE-2021-22278 - Vulnerability Details

Vendors	Products
Abb	Update Manager
Hitachienergy	Pcm600

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "PCM600", "vendor": "ABB", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.7", "versionType": "custom"}, {"lessThanOrEqual": "2.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PCM600 Update Manager", "vendor": "ABB", "versions": [{"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.1.0.4"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "2.2.0.1"}, {"status": "affected", "version": "2.2.0.2"}, {"status": "affected", "version": "2.2.0.23"}, {"status": "affected", "version": "2.3.0.60"}, {"status": "affected", "version": "2.4.20041.1"}, {"status": "affected", "version": "2.4.20119.2"}]}, {"product": "PCM600", "vendor": "Hitachi Energy", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.7", "versionType": "custom"}, {"lessThanOrEqual": "2.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PCM600 Update Manager", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.1.0.4"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "2.2.0.1"}, {"status": "affected", "version": "2.2.0.2"}, {"status": "affected", "version": "2.2.0.23"}, {"status": "affected", "version": "2.3.0.60"}, {"status": "affected", "version": "2.4.20041.1"}, {"status": "affected", "version": "2.4.20119.2"}]}], "credits": [{"lang": "en", "value": "ABB and Hitachi Energy thank CyTRICS researcher May Chaffin for helping to identify the vulnerabilities and protecting our customers."}], "datePublic": "2021-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-28T12:45:58", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch"}], "solutions": [{"lang": "en", "value": "Install latest PCM600 Update Manager version 2.4.21218.1 or newer."}], "source": {"discovery": "UNKNOWN"}, "title": "Certificate verification vulnerability  in Update Manager of PCM600 Engineering Tool", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2021-10-19T10:02:00.000Z", "ID": "CVE-2021-22278", "STATE": "PUBLIC", "TITLE": "Certificate verification vulnerability  in Update Manager of PCM600 Engineering Tool"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PCM600", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.7"}, {"version_affected": "<=", "version_value": "2.10"}]}}, {"product_name": "PCM600 Update Manager", "version": {"version_data": [{"version_affected": "=", "version_value": "2.1"}, {"version_affected": "=", "version_value": "2.1.0.4"}, {"version_affected": "=", "version_value": "2.2"}, {"version_affected": "=", "version_value": "2.2.0.1"}, {"version_affected": "=", "version_value": "2.2.0.2"}, {"version_affected": "=", "version_value": "2.2.0.23"}, {"version_affected": "=", "version_value": "2.3.0.60"}, {"version_affected": "=", "version_value": "2.4.20041.1"}, {"version_affected": "=", "version_value": "2.4.20119.2"}]}}]}, "vendor_name": "ABB"}, {"product": {"product_data": [{"product_name": "PCM600", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.7"}, {"version_affected": "<=", "version_value": "2.10"}]}}, {"product_name": "PCM600 Update Manager", "version": {"version_data": [{"version_affected": "=", "version_value": "2.1"}, {"version_affected": "=", "version_value": "2.1.0.4"}, {"version_affected": "=", "version_value": "2.2"}, {"version_affected": "=", "version_value": "2.2.0.1"}, {"version_affected": "=", "version_value": "2.2.0.2"}, {"version_affected": "=", "version_value": "2.2.0.23"}, {"version_affected": "=", "version_value": "2.3.0.60"}, {"version_affected": "=", "version_value": "2.4.20041.1"}, {"version_affected": "=", "version_value": "2.4.20119.2"}]}}]}, "vendor_name": "Hitachi Energy"}]}}, "credit": [{"lang": "eng", "value": "ABB and Hitachi Energy thank CyTRICS researcher May Chaffin for helping to identify the vulnerabilities and protecting our customers."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295 Improper Certificate Validation"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "solution": [{"lang": "en", "value": "Install latest PCM600 Update Manager version 2.4.21218.1 or newer."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2021-22278", "datePublished": "2021-10-28T12:45:58.086957Z", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-09-16T18:23:59.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : PCM600 (string)

vendor : ABB (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : affected (string)

version : 2.7 (string)

versionType : custom (string)

}

1 : { »

lessThanOrEqual : 2.10 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : PCM600 Update Manager (string)

vendor : ABB (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.1 (string)

}

1 : { »

status : affected (string)

version : 2.1.0.4 (string)

}

2 : { »

status : affected (string)

version : 2.2 (string)

}

3 : { »

status : affected (string)

version : 2.2.0.1 (string)

}

4 : { »

status : affected (string)

version : 2.2.0.2 (string)

}

5 : { »

status : affected (string)

version : 2.2.0.23 (string)

}

6 : { »

status : affected (string)

version : 2.3.0.60 (string)

}

7 : { »

status : affected (string)

version : 2.4.20041.1 (string)

}

8 : { »

status : affected (string)

version : 2.4.20119.2 (string)

}

]

}

2 : { »

product : PCM600 (string)

vendor : Hitachi Energy (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : affected (string)

version : 2.7 (string)

versionType : custom (string)

}

1 : { »

lessThanOrEqual : 2.10 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

3 : { »

product : PCM600 Update Manager (string)

vendor : Hitachi Energy (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.1 (string)

}

1 : { »

status : affected (string)

version : 2.1.0.4 (string)

}

2 : { »

status : affected (string)

version : 2.2 (string)

}

3 : { »

status : affected (string)

version : 2.2.0.1 (string)

}

4 : { »

status : affected (string)

version : 2.2.0.2 (string)

}

5 : { »

status : affected (string)

version : 2.2.0.23 (string)

}

6 : { »

status : affected (string)

version : 2.3.0.60 (string)

}

7 : { »

status : affected (string)

version : 2.4.20041.1 (string)

}

8 : { »

status : affected (string)

version : 2.4.20119.2 (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : ABB and Hitachi Energy thank CyTRICS researcher May Chaffin for helping to identify the vulnerabilities and protecting our customers. (string)

}

]

datePublic : 2021-10-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-295 (string)

description : CWE-295 Improper Certificate Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-10-28T12:45:58 (string)

orgId : 2b718523-d88f-4f37-9bbd-300c20644bf9 (string)

shortName : ABB (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Install latest PCM600 Update Manager version 2.4.21218.1 or newer. (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cybersecurity@ch.abb.com (string)

DATE_PUBLIC : 2021-10-19T10:02:00.000Z (string)

ID : CVE-2021-22278 (string)

STATE : PUBLIC (string)

TITLE : Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : PCM600 (string)

version : { »

version_data : [ »

0 : { »

version_affected : >= (string)

version_value : 2.7 (string)

}

1 : { »

version_affected : <= (string)

version_value : 2.10 (string)

}

]

}

1 : { »

product_name : PCM600 Update Manager (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : 2.1 (string)

}

1 : { »

version_affected : = (string)

version_value : 2.1.0.4 (string)

}

2 : { »

version_affected : = (string)

version_value : 2.2 (string)

}

3 : { »

version_affected : = (string)

version_value : 2.2.0.1 (string)

}

4 : { »

version_affected : = (string)

version_value : 2.2.0.2 (string)

}

5 : { »

version_affected : = (string)

version_value : 2.2.0.23 (string)

}

6 : { »

version_affected : = (string)

version_value : 2.3.0.60 (string)

}

7 : { »

version_affected : = (string)

version_value : 2.4.20041.1 (string)

}

8 : { »

version_affected : = (string)

version_value : 2.4.20119.2 (string)

}

]

}

]

}

vendor_name : ABB (string)

}

1 : { »

product : { »

product_data : [ »

0 : { »

product_name : PCM600 (string)

version : { »

version_data : [ »

0 : { »

version_affected : >= (string)

version_value : 2.7 (string)

}

1 : { »

version_affected : <= (string)

version_value : 2.10 (string)

}

]

}

1 : { »

product_name : PCM600 Update Manager (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : 2.1 (string)

}

1 : { »

version_affected : = (string)

version_value : 2.1.0.4 (string)

}

2 : { »

version_affected : = (string)

version_value : 2.2 (string)

}

3 : { »

version_affected : = (string)

version_value : 2.2.0.1 (string)

}

4 : { »

version_affected : = (string)

version_value : 2.2.0.2 (string)

}

5 : { »

version_affected : = (string)

version_value : 2.2.0.23 (string)

}

6 : { »

version_affected : = (string)

version_value : 2.3.0.60 (string)

}

7 : { »

version_affected : = (string)

version_value : 2.4.20041.1 (string)

}

8 : { »

version_affected : = (string)

version_value : 2.4.20119.2 (string)

}

]

}

]

}

vendor_name : Hitachi Energy (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : ABB and Hitachi Energy thank CyTRICS researcher May Chaffin for helping to identify the vulnerabilities and protecting our customers. (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-295 Improper Certificate Validation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

refsource : MISC (string)

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

1 : { »

name : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

refsource : MISC (string)

url : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Install latest PCM600 Update Manager version 2.4.21218.1 or newer. (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:37:18.443Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 2b718523-d88f-4f37-9bbd-300c20644bf9 (string)

assignerShortName : ABB (string)

cveId : CVE-2021-22278 (string)

datePublished : 2021-10-28T12:45:58.086957Z (string)

dateReserved : 2021-01-05T00:00:00 (string)

dateUpdated : 2024-09-16T18:23:59.443Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:update_manager:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "270D7F57-336B-4529-A80B-54E7285A748C", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F3C761D5-31F0-4A1C-B25B-D6672E6CCFA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D90D0E2D-D673-42B1-BF93-6A46CCB4FC4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7566688-A986-454E-85E2-30C410F036F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E54590EC-81E2-4EB7-B9FA-FBD8D3EF68F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "950F2775-4C0E-4C89-B9A5-E57C8AB7E358", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.3.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "B9641E06-083B-4D62-A589-CBD33842E4F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.4.20041.1:*:*:*:*:*:*:*", "matchCriteriaId": "013A5B85-B035-459F-8D7D-1CD6ABA0BA06", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:update_manager:2.4.20119.2:*:*:*:*:*:*:*", "matchCriteriaId": "634F2294-B68D-4729-B794-DBCED5283F96", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:update_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "35E421FD-7C58-42B8-9D32-82D68763D59B", "versionEndIncluding": "2.10", "versionStartIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:pcm600:-:*:*:*:*:*:*:*", "matchCriteriaId": "A68C99C9-B2C1-4ADD-9B06-2BE60B583D30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de certificados en PCM600 Update Manager permite a un atacante conseguir que se instalen paquetes de software no deseados en el ordenador que presenta instalado el PCM600"}], "id": "CVE-2021-22278", "lastModified": "2024-11-21T05:49:50.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-28T13:15:08.203", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:abb:update_manager:2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 270D7F57-336B-4529-A80B-54E7285A748C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:abb:update_manager:2.1.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F3C761D5-31F0-4A1C-B25B-D6672E6CCFA4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:abb:update_manager:2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : D90D0E2D-D673-42B1-BF93-6A46CCB4FC4E (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:abb:update_manager:2.2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E7566688-A986-454E-85E2-30C410F036F5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:abb:update_manager:2.2.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : E54590EC-81E2-4EB7-B9FA-FBD8D3EF68F0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:abb:update_manager:2.2.0.23:*:*:*:*:*:*:* (string)

matchCriteriaId : 950F2775-4C0E-4C89-B9A5-E57C8AB7E358 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:abb:update_manager:2.3.0.60:*:*:*:*:*:*:* (string)

matchCriteriaId : B9641E06-083B-4D62-A589-CBD33842E4F7 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:abb:update_manager:2.4.20041.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 013A5B85-B035-459F-8D7D-1CD6ABA0BA06 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:abb:update_manager:2.4.20119.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 634F2294-B68D-4729-B794-DBCED5283F96 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:abb:update_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 35E421FD-7C58-42B8-9D32-82D68763D59B (string)

versionEndIncluding : 2.10 (string)

versionStartIncluding : 2.7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:hitachienergy:pcm600:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A68C99C9-B2C1-4ADD-9B06-2BE60B583D30 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de comprobación de certificados en PCM600 Update Manager permite a un atacante conseguir que se instalen paquetes de software no deseados en el ordenador que presenta instalado el PCM600 (string)

}

]

id : CVE-2021-22278 (string)

lastModified : 2024-11-21T05:49:50.010 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : cybersecurity@ch.abb.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-10-28T13:15:08.203 (string)

references : [ »

0 : { »

source : cybersecurity@ch.abb.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

1 : { »

source : cybersecurity@ch.abb.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch (string)

}

]

sourceIdentifier : cybersecurity@ch.abb.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-295 (string)

}

]

source : cybersecurity@ch.abb.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-295 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object