CVE-2021-22279

Summary

A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.

Affected Software

VendorProductVersion RangeStatus
ABBRobotWareunspecified < 7.3.2affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors: • Do not use Connected Services Ethernet port connection until the update has been applied, or • Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections.

ADP Enrichment

CVE Program Container

Additional References

References