CVE-2021-22278

Summary

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.

Affected Software

VendorProductVersion RangeStatus
ABBPCM6002.7 < unspecifiedaffected
ABBPCM600unspecified <= 2.10affected
ABBPCM600 Update Manager2.1affected
ABBPCM600 Update Manager2.1.0.4affected
ABBPCM600 Update Manager2.2affected
ABBPCM600 Update Manager2.2.0.1affected
ABBPCM600 Update Manager2.2.0.2affected
ABBPCM600 Update Manager2.2.0.23affected
ABBPCM600 Update Manager2.3.0.60affected
ABBPCM600 Update Manager2.4.20041.1affected
ABBPCM600 Update Manager2.4.20119.2affected
Hitachi EnergyPCM6002.7 < unspecifiedaffected
Hitachi EnergyPCM600unspecified <= 2.10affected
Hitachi EnergyPCM600 Update Manager2.1affected
Hitachi EnergyPCM600 Update Manager2.1.0.4affected
Hitachi EnergyPCM600 Update Manager2.2affected
Hitachi EnergyPCM600 Update Manager2.2.0.1affected
Hitachi EnergyPCM600 Update Manager2.2.0.2affected
Hitachi EnergyPCM600 Update Manager2.2.0.23affected
Hitachi EnergyPCM600 Update Manager2.3.0.60affected
Hitachi EnergyPCM600 Update Manager2.4.20041.1affected
Hitachi EnergyPCM600 Update Manager2.4.20119.2affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References