CVE-2021-22288 – SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module
https://notcve.org/view.php?id=CVE-2021-22288
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el módulo ABB SPIET800 y PNI800 permite a un atacante causar la denegación de servicio o causar que el módulo no responda • https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVE-2021-22286 – SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module
https://notcve.org/view.php?id=CVE-2021-22286
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el módulo ABB SPIET800 y PNI800 permite a un atacante causar la denegación de servicio o causar que el módulo no responda • https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVE-2021-22279 – OmniCore RobotWare Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2021-22279
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. Una vulnerabilidad de falta de autenticación en RobotWare para el controlador de robot OmniCore permite a un atacante leer y modificar archivos en el controlador de robot si el atacante presenta acceso al puerto Ethernet de Connected Services Gateway • https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •
CVE-2021-22278 – Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool
https://notcve.org/view.php?id=CVE-2021-22278
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. Una vulnerabilidad de comprobación de certificados en PCM600 Update Manager permite a un atacante conseguir que se instalen paquetes de software no deseados en el ordenador que presenta instalado el PCM600 • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-295: Improper Certificate Validation •
CVE-2021-22272 – ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
https://notcve.org/view.php?id=CVE-2021-22272
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •