The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
References
Link | Resource |
---|---|
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ABB
Published: 2021-06-30T00:00:00
Updated: 2021-09-27T13:40:32
Reserved: 2021-01-05T00:00:00
Link: CVE-2021-22272
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-27T14:15:07.957
Modified: 2021-10-08T14:16:33.820
Link: CVE-2021-22272
JSON object: View
Redhat Information
No data.