{"api_version":"1","generated_at":"2026-05-13T15:43:56+00:00","cve":"CVE-2021-22279","urls":{"html":"https://cve.report/CVE-2021-22279","api":"https://cve.report/api/cve/CVE-2021-22279.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22279","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22279"},"summary":{"title":"CVE-2021-22279","description":"A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.","state":"PUBLIC","assigner":"cybersecurity@ch.abb.com","published_at":"2021-12-13 16:15:00","updated_at":"2021-12-17 01:41:00"},"problem_types":["CWE-306"],"metrics":[],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22279","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22279","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22279","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"abb","cpe5":"omnicore_c30","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"abb","cpe5":"omnicore_c30_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@ch.abb.com","DATE_PUBLIC":"2021-12-01T07:48:00.000Z","ID":"CVE-2021-22279","STATE":"PUBLIC","TITLE":"OmniCore RobotWare Missing Authentication Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"RobotWare","version":{"version_data":[{"version_affected":"<","version_value":"7.3.2"}]}}]},"vendor_name":"ABB"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-306 Missing Authentication for Critical Function"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch"}]},"solution":[{"lang":"eng","value":"The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio.\n"}],"source":{"discovery":"UNKNOWN"},"work_around":[{"lang":"eng","value":"ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n• Do not use Connected Services Ethernet port connection until the update has been applied, or\n• Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections."}]},"nvd":{"publishedDate":"2021-12-13 16:15:00","lastModifiedDate":"2021-12-17 01:41:00","problem_types":["CWE-306"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:abb:omnicore_c30_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:abb:omnicore_c30:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22279","Ordinal":"196982","Title":"CVE-2021-22279","CVE":"CVE-2021-22279","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22279","Ordinal":"1","NoteData":"A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22279","Ordinal":"2","NoteData":"2021-12-13","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22279","Ordinal":"3","NoteData":"2021-12-13","Type":"Other","Title":"Modified"}]}}}