CVE-2021-22272

Name of the Vulnerable Software and Affected Versions: ControlTouch (affected versions not specified)

Description: The issue originates in the commissioning process where an attacker can enter a serial number in a specific way to transfer the device virtually into their my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.