CVE-2021-22279
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | RobotWare | unspecified < 7.3.2 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors: • Do not use Connected Services Ethernet port connection until the update has been applied, or • Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.