ID

VAR-202110-1059


CVE

CVE-2021-22278


TITLE

PCM600 Update Manager  Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2021-005069

DESCRIPTION

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed

Trust: 1.71

sources: NVD: CVE-2021-22278 // JVNDB: JVNDB-2021-005069 // VULHUB: VHN-380713

AFFECTED PRODUCTS

vendor:abbmodel:update managerscope:eqversion:2.2.0.2

Trust: 1.0

vendor:abbmodel:update managerscope:gteversion:2.7

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.3.0.60

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.1.0.4

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.2

Trust: 1.0

vendor:abbmodel:update managerscope:lteversion:2.10

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.2.0.1

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.4.20041.1

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.2.0.23

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.1

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion:2.4.20119.2

Trust: 1.0

vendor:abbmodel:update managerscope:eqversion: -

Trust: 0.8

vendor:abbmodel:update managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005069 // NVD: CVE-2021-22278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22278
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2021-22278
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-2031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380713
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22278
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380713
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22278
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2021-22278
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22278
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380713 // JVNDB: JVNDB-2021-005069 // CNNVD: CNNVD-202110-2031 // NVD: CVE-2021-22278 // NVD: CVE-2021-22278

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:Bad certificate verification (CWE-295) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380713 // JVNDB: JVNDB-2021-005069 // NVD: CVE-2021-22278

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-2031

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-2031

PATCH

title:2NGA001142 Hitachi EnergyCYBERSECURITY ADVISORYurl:https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title:Abb Pcm600 Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168590

Trust: 0.6

sources: JVNDB: JVNDB-2021-005069 // CNNVD: CNNVD-202110-2031

EXTERNAL IDS

db:NVDid:CVE-2021-22278

Trust: 2.5

db:ICS CERTid:ICSA-21-336-07

Trust: 1.4

db:JVNid:JVNVU90348129

Trust: 0.8

db:JVNDBid:JVNDB-2021-005069

Trust: 0.8

db:CS-HELPid:SB2021120301

Trust: 0.6

db:AUSCERTid:ESB-2021.4098

Trust: 0.6

db:CNNVDid:CNNVD-202110-2031

Trust: 0.6

db:VULHUBid:VHN-380713

Trust: 0.1

sources: VULHUB: VHN-380713 // JVNDB: JVNDB-2021-005069 // CNNVD: CNNVD-202110-2031 // NVD: CVE-2021-22278

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=8dbd000056&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://search.abb.com/library/download.aspx?documentid=2nga001142&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-336-07

Trust: 1.4

url:https://jvn.jp/vu/jvnvu90348129/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22278

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.4098

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120301

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2nga001142&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=8dbd000056&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: VULHUB: VHN-380713 // JVNDB: JVNDB-2021-005069 // CNNVD: CNNVD-202110-2031 // NVD: CVE-2021-22278

CREDITS

A Department of Energy CyTRICS researcher from Idaho National Laboratory reported this vulnerability to Hitachi Energy.

Trust: 0.6

sources: CNNVD: CNNVD-202110-2031

SOURCES

db:VULHUBid:VHN-380713
db:JVNDBid:JVNDB-2021-005069
db:CNNVDid:CNNVD-202110-2031
db:NVDid:CVE-2021-22278

LAST UPDATE DATE

2024-08-14T13:13:43.873000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380713date:2021-11-03T00:00:00
db:JVNDBid:JVNDB-2021-005069date:2021-12-07T04:48:00
db:CNNVDid:CNNVD-202110-2031date:2021-12-06T00:00:00
db:NVDid:CVE-2021-22278date:2023-05-16T20:56:48.347

SOURCES RELEASE DATE

db:VULHUBid:VHN-380713date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-005069date:2021-12-07T00:00:00
db:CNNVDid:CNNVD-202110-2031date:2021-10-28T00:00:00
db:NVDid:CVE-2021-22278date:2021-10-28T13:15:08.203