ABB Busch-Welcome 2 Wire Door Opener Actuator
Summary
ABB has acknowledged vulnerabilities in specific versions of their Busch-Welcome 2 Wire Door Opener Actuator. An attacker could exploit these vulnerabilities to gain unauthorized physical access to buildings where the product is installed. The primary vulnerability is due to an 'Active Debug Code' that allows for an authentication bypass when compatibility mode is enabled by default.
IFF Assessment
The discovery of a vulnerability that allows for unauthorized physical access to a building poses a direct security risk to defenders.
Severity
The CVSS score of 6.8 reflects a moderate-to-high severity, primarily driven by the potential for unauthorized physical access, which is a significant impact, although it likely requires specific conditions or proximity for exploitation.
Defender Context
Defenders should be aware of this vulnerability affecting ABB building access systems, particularly in commercial facilities. They should ensure that affected systems are updated or patched, and that the recommended mitigations, involving mode toggling and power resets, are applied to recalibrate the system and correct misconfigurations.