First published: Thu Oct 28 2021(Updated: )
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
Credit: cybersecurity@ch.abb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Abb Update Manager | =2.1 | |
Abb Update Manager | =2.1.0.4 | |
Abb Update Manager | =2.2 | |
Abb Update Manager | =2.2.0.1 | |
Abb Update Manager | =2.2.0.2 | |
Abb Update Manager | =2.2.0.23 | |
Abb Update Manager | =2.3.0.60 | |
Abb Update Manager | =2.4.20041.1 | |
Abb Update Manager | =2.4.20119.2 | |
Abb Update Manager | >=2.7<=2.10 | |
Hitachienergy Pcm600 |
Install latest PCM600 Update Manager version 2.4.21218.1 or newer.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22278 is a certificate validation vulnerability in PCM600 Update Manager that allows an attacker to install unwanted software packages on a computer with PCM600 installed.
PCM600 Update Manager versions 2.1, 2.1.0.4, 2.2, 2.2.0.1, 2.2.0.2, 2.2.0.23, 2.3.0.60, 2.4.20041.1, and 2.4.20119.2 are affected.
CVE-2021-22278 has a severity rating of medium with a CVSS score of 6.7.
ABB has released an advisory that provides guidance on mitigating CVE-2021-22278. Please refer to the advisory for specific steps to protect your systems.
You can find more information about CVE-2021-22278 in the ABB security advisory available at the provided reference links.