Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
Vulnerability Description
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
信息暴露
Vulnerability Title
ABB Mybuildings 代码问题漏洞
Vulnerability Description
ABB Mybuildings是瑞士ABB公司的一个为智能家居系统提供创新化的解决方案。 ABB Mybuildings 中存在代码问题漏洞,该漏洞源于产品允许通过输入序列号将设备虚拟的转移至my.busch-jaeger.de 或 mybuildings.abb.com。攻击者可通过该漏洞获得远程控制权限。
CVSS Information
N/A
Vulnerability Type
N/A