← Back

Busch Jaeger

busch-jaeger

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
6186/11 Firmware
6186/11_firmware
4 CVEs
Mybusch Jaeger
mybusch-jaeger
1 CVE
6186/11
0 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-22272
2Abb
Busch Jaeger
2Mybuildings
Mybusch Jaeger
Nov 21, 2024
Sep 27, 2021
N/A· v4
9.4 CRITICAL· v3
9.0 HIGH· v2
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb...Show more
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouchShow less
CVE-2019-19107
2Abb
Busch Jaeger
26186/11 Firmware
Tg/s3.2 Firmware
Nov 21, 2024
Apr 22, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
CVE-2019-19106
2Abb
Busch Jaeger
26186/11 Firmware
Tg/s3.2 Firmware
Nov 21, 2024
Apr 22, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profil...Show more
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.Show less
CVE-2019-19105
2Abb
Busch Jaeger
26186/11 Firmware
Tg/s3.2 Firmware
Nov 21, 2024
Apr 22, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other co...Show more
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.Show less
CVE-2019-19104
2Abb
Busch Jaeger
26186/11 Firmware
Tg/s3.2 Firmware
Nov 21, 2024
Apr 22, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (U...Show more
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.Show less