4 matches found
CVE-2025-41733
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...
CVE-2021-22272
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch...
CVE-2021-22272 ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch...
CVE-2021-22272
The CVE-2021-22272 entry concerns ABB/Busch-Jaeger ControlTouch cloud service. The root cause is in the commissioning flow, where an attacker could enter a serial number in a specific way to transfer the device virtually into the attacker’s my.busch-jaeger.de or mybuildings.abb.com profile, enabl...