Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by busch-jaeger
CVE-2021-22272 (GCVE-0-2021-22272)
Vulnerability from cvelistv5 – Published: 2021-09-27 13:40 – Updated: 2024-09-16 19:30
VLAI
Title
ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
Summary
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
Severity
6.5 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | mybuildings.abb.com |
Affected:
2021-05-03 , < 2021-05-03
(custom)
|
|
| Busch-Jaeger | my.busch-jaeger.de |
Affected:
2021-05-03 , < 2021-05-03
(custom)
|
Date Public
2021-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"virtual"
],
"product": "mybuildings.abb.com",
"vendor": "ABB",
"versions": [
{
"lessThan": "2021-05-03",
"status": "affected",
"version": "2021-05-03",
"versionType": "custom"
}
]
},
{
"platforms": [
"virtual"
],
"product": "my.busch-jaeger.de",
"vendor": "Busch-Jaeger",
"versions": [
{
"lessThan": "2021-05-03",
"status": "affected",
"version": "2021-05-03",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T13:40:32.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2021-06-30T07:56:00.000Z",
"ID": "CVE-2021-22272",
"STATE": "PUBLIC",
"TITLE": "ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mybuildings.abb.com",
"version": {
"version_data": [
{
"platform": "virtual",
"version_affected": "\u003c",
"version_name": "2021-05-03",
"version_value": "2021-05-03"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "my.busch-jaeger.de",
"version": {
"version_data": [
{
"platform": "virtual",
"version_affected": "\u003c",
"version_name": "2021-05-03",
"version_value": "2021-05-03"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22272",
"datePublished": "2021-09-27T13:40:32.018Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:00.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22276 (GCVE-0-2021-22276)
Vulnerability from cvelistv5 – Published: 2021-09-23 15:20 – Updated: 2024-09-16 20:58
VLAI
Title
free@home System Access Point FW integrity check can be bypassed.
Summary
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
Severity
6.1 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | System Access Point |
Affected:
2CKA006200A0156 , ≤ 2.6.3
(custom)
Affected: 2CKA006200A0155 , ≤ 2.6.3 (custom) Affected: 2CKA006220A0240 , ≤ 2.6.3 (custom) Affected: 2CKA006220A0136 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0130 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0105 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0071 , ≤ 2.6.3 (custom) |
|
| Busch-Jaeger | System Access Point |
Affected:
2CKA006220A0031 , ≤ 2.6.3
(custom)
Affected: 2CKA006200A0154 , ≤ 2.6.3 (custom) |
Date Public
2021-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System Access Point",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0156",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0155",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0240",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0136",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0130",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0105",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0071",
"versionType": "custom"
}
]
},
{
"product": "System Access Point",
"vendor": "Busch-Jaeger",
"versions": [
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0031",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0154",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T15:20:42.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "free@home System Access Point FW integrity check can be bypassed.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2021-06-30T07:56:00.000Z",
"ID": "CVE-2021-22276",
"STATE": "PUBLIC",
"TITLE": "free@home System Access Point FW integrity check can be bypassed."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Access Point",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0156",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0155",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0240",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0136",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0130",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0105",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0071",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "System Access Point",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0031",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0154",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22276",
"datePublished": "2021-09-23T15:20:42.229Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:58:27.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19107 (GCVE-0-2019-19107)
Vulnerability from cvelistv5 – Published: 2020-04-22 14:38 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure
Summary
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
Severity
6.2 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:38:59.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19107",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19107",
"datePublished": "2020-04-22T14:38:59.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19106 (GCVE-0-2019-19106)
Vulnerability from cvelistv5 – Published: 2020-04-22 14:37 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues
Summary
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
Severity
9.1 (Critical)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:37:11.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19106",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19106",
"datePublished": "2020-04-22T14:37:11.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19105 (GCVE-0-2019-19105)
Vulnerability from cvelistv5 – Published: 2020-04-22 14:35 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials
Summary
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.
Severity
6.2 (Medium)
CWE
- CWE-256 - Unprotected Storage of Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration\u0027s credentials in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:35:17.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19105",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration\u0027s credentials in plaintext."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19105",
"datePublished": "2020-04-22T14:35:17.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19104 (GCVE-0-2019-19104)
Vulnerability from cvelistv5 – Published: 2020-04-22 14:31 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control
Summary
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
Severity
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:31:55.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19104",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19104",
"datePublished": "2020-04-22T14:31:55.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22272 (GCVE-0-2021-22272)
Vulnerability from nvd – Published: 2021-09-27 13:40 – Updated: 2024-09-16 19:30
VLAI
Title
ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
Summary
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
Severity
6.5 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | mybuildings.abb.com |
Affected:
2021-05-03 , < 2021-05-03
(custom)
|
|
| Busch-Jaeger | my.busch-jaeger.de |
Affected:
2021-05-03 , < 2021-05-03
(custom)
|
Date Public
2021-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"virtual"
],
"product": "mybuildings.abb.com",
"vendor": "ABB",
"versions": [
{
"lessThan": "2021-05-03",
"status": "affected",
"version": "2021-05-03",
"versionType": "custom"
}
]
},
{
"platforms": [
"virtual"
],
"product": "my.busch-jaeger.de",
"vendor": "Busch-Jaeger",
"versions": [
{
"lessThan": "2021-05-03",
"status": "affected",
"version": "2021-05-03",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T13:40:32.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2021-06-30T07:56:00.000Z",
"ID": "CVE-2021-22272",
"STATE": "PUBLIC",
"TITLE": "ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mybuildings.abb.com",
"version": {
"version_data": [
{
"platform": "virtual",
"version_affected": "\u003c",
"version_name": "2021-05-03",
"version_value": "2021-05-03"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "my.busch-jaeger.de",
"version": {
"version_data": [
{
"platform": "virtual",
"version_affected": "\u003c",
"version_name": "2021-05-03",
"version_value": "2021-05-03"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22272",
"datePublished": "2021-09-27T13:40:32.018Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:00.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22276 (GCVE-0-2021-22276)
Vulnerability from nvd – Published: 2021-09-23 15:20 – Updated: 2024-09-16 20:58
VLAI
Title
free@home System Access Point FW integrity check can be bypassed.
Summary
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
Severity
6.1 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | System Access Point |
Affected:
2CKA006200A0156 , ≤ 2.6.3
(custom)
Affected: 2CKA006200A0155 , ≤ 2.6.3 (custom) Affected: 2CKA006220A0240 , ≤ 2.6.3 (custom) Affected: 2CKA006220A0136 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0130 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0105 , ≤ 2.6.3 (custom) Affected: 2CKA006200A0071 , ≤ 2.6.3 (custom) |
|
| Busch-Jaeger | System Access Point |
Affected:
2CKA006220A0031 , ≤ 2.6.3
(custom)
Affected: 2CKA006200A0154 , ≤ 2.6.3 (custom) |
Date Public
2021-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System Access Point",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0156",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0155",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0240",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0136",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0130",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0105",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0071",
"versionType": "custom"
}
]
},
{
"product": "System Access Point",
"vendor": "Busch-Jaeger",
"versions": [
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006220A0031",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2CKA006200A0154",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T15:20:42.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "free@home System Access Point FW integrity check can be bypassed.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2021-06-30T07:56:00.000Z",
"ID": "CVE-2021-22276",
"STATE": "PUBLIC",
"TITLE": "free@home System Access Point FW integrity check can be bypassed."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Access Point",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0156",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0155",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0240",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0136",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0130",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0105",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0071",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "System Access Point",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2CKA006220A0031",
"version_value": "2.6.3"
},
{
"version_affected": "\u003c=",
"version_name": "2CKA006200A0154",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22276",
"datePublished": "2021-09-23T15:20:42.229Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:58:27.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19107 (GCVE-0-2019-19107)
Vulnerability from nvd – Published: 2020-04-22 14:38 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure
Summary
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
Severity
6.2 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:38:59.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19107",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19107",
"datePublished": "2020-04-22T14:38:59.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19106 (GCVE-0-2019-19106)
Vulnerability from nvd – Published: 2020-04-22 14:37 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues
Summary
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
Severity
9.1 (Critical)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:37:11.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19106",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19106",
"datePublished": "2020-04-22T14:37:11.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19105 (GCVE-0-2019-19105)
Vulnerability from nvd – Published: 2020-04-22 14:35 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials
Summary
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.
Severity
6.2 (Medium)
CWE
- CWE-256 - Unprotected Storage of Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration\u0027s credentials in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:35:17.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19105",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration\u0027s credentials in plaintext."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19105",
"datePublished": "2020-04-22T14:35:17.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19104 (GCVE-0-2019-19104)
Vulnerability from nvd – Published: 2020-04-22 14:31 – Updated: 2024-08-05 02:09
VLAI
Title
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control
Summary
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
Severity
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway |
Affected:
2CDG 110 135 R0011
|
|
| Busch-Jaeger | 6186/11 Telefon-Gateway |
Affected:
2CKA006136A0187
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TG/S 3.2 Telephone Gateway",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2CDG 110 135 R0011"
}
]
},
{
"product": "6186/11 Telefon-Gateway",
"vendor": "Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "2CKA006136A0187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:31:55.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19104",
"STATE": "PUBLIC",
"TITLE": "ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TG/S 3.2 Telephone Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CDG 110 135 R0011"
}
]
}
}
]
},
"vendor_name": "ABB"
},
{
"product": {
"product_data": [
{
"product_name": "6186/11 Telefon-Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CKA006136A0187"
}
]
}
}
]
},
"vendor_name": "Busch-Jaeger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19104",
"datePublished": "2020-04-22T14:31:55.000Z",
"dateReserved": "2019-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}