CWE-295

CVE-2021-22278: Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool

First published: Thu Oct 28 2021

A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer that has PCM600 installed.

Credit: cybersecurity@ch.abb.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Abb Update Manager | =2.1 | |
| Abb Update Manager | =2.1.0.4 | |
| Abb Update Manager | =2.2 | |
| Abb Update Manager | =2.2.0.1 | |
| Abb Update Manager | =2.2.0.2 | |
| Abb Update Manager | =2.2.0.23 | |
| Abb Update Manager | =2.3.0.60 | |
| Abb Update Manager | =2.4.20041.1 | |
| Abb Update Manager | =2.4.20119.2 | |
| Abb Update Manager | >=2.7 <=2.10 | |
| Hitachienergy Pcm600 | | |

Remedy

Install the latest PCM600 Update Manager version (2.4.21218.1 or newer).


Frequently Asked Questions

  • What is CVE-2021-22278?

    CVE-2021-22278 is a certificate validation vulnerability in PCM600 Update Manager that allows an attacker to install unwanted software packages on a computer with PCM600 installed.

  • Which software versions are affected by CVE-2021-22278?

    PCM600 Update Manager versions 2.1, 2.1.0.4, 2.2, 2.2.0.1, 2.2.0.2, 2.2.0.23, 2.3.0.60, 2.4.20041.1, and 2.4.20119.2 are affected.

  • What is the severity of CVE-2021-22278?

    CVE-2021-22278 has a severity rating of medium with a CVSS score of 6.7.

  • How can I mitigate the vulnerability?

    ABB has released an advisory that provides guidance on mitigating CVE-2021-22278. Please refer to the advisory for specific steps to protect your systems.

  • Where can I find more information about CVE-2021-22278?

    You can find more information about CVE-2021-22278 in the ABB security advisory available at the provided reference links.
