CVE-2021-22278
MEDIUMABB Update Manager 2.7-<2.10 - Improper Certificate Validation
Title source: llmDescription
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor Advisory x_refsource_misc
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
6.7
EPSS
0.0002
EPSS Percentile
5.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (10)
abb/update_manager
2.1
abb/update_manager
2.1.0.4
abb/update_manager
2.2
abb/update_manager
2.2.0.1
abb/update_manager
2.2.0.2
abb/update_manager
2.2.0.23
abb/update_manager
2.3.0.60
abb/update_manager
2.4.20041.1
abb/update_manager
2.4.20119.2
abb/update_manager
2.7 - 2.10
Published
Oct 28, 2021
Tracked Since
Feb 18, 2026