CVE-2021-22272 – ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
https://notcve.org/view.php?id=CVE-2021-22272
The vulnerability originates in the commissioning process, where an attacker can enter the serial number of a ControlTouch in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed on the cloud side of the system; no firmware update is needed for customer products. Users who want to know whether they are affected should read the advisory. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19107 – ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure
https://notcve.org/view.php?id=CVE-2019-19107
The configuration pages for user profiles and services in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway transfer the password in plaintext (although it is hidden when displayed). • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls; CWE-319: Cleartext Transmission of Sensitive Information
CVE-2019-19106 – ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues
https://notcve.org/view.php?id=CVE-2019-19106
Improper implementation of access control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls
CVE-2019-19105 – ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials
https://notcve.org/view.php?id=CVE-2019-19105
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including the credentials of existing user accounts and other configured credentials, in plaintext. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password; CWE-522: Insufficiently Protected Credentials
CVE-2019-19104 – ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control
https://notcve.org/view.php?id=CVE-2019-19104
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authentication by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication; CWE-306: Missing Authentication for Critical Function