Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-22286

Summary
Assigner-ABB
Assigner Org ID-2b718523-d88f-4f37-9bbd-300c20644bf9
Published At-04 Feb, 2022 | 22:29
Updated At-17 Sep, 2024 | 01:00
Rejected At-
Credits

SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ABB
Assigner Org ID:2b718523-d88f-4f37-9bbd-300c20644bf9
Published At:04 Feb, 2022 | 22:29
Updated At:17 Sep, 2024 | 01:00
Rejected At:
▼CVE Numbering Authority (CNA)
SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.

Affected Products
Vendor
ABBABB
Product
SPIET800
Versions
Affected
  • From unspecified through A_B (custom)
Vendor
ABBABB
Product
PNI800
Versions
Affected
  • From unspecified through A_B (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

ABB advises all customers to review their installations to determine if they are using an impacted product as listed above. – SPIET800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version A_C or later. – PNI800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version B_0 or later.

Configurations
Workarounds
Exploits
Credits
ABB thanks Lance Lamont from Verve Industrial Protection and Ron Brash from Verve Industrial Protection/aDolus Technology Inc. helping to identify the vulnerabilities and protecting our customers.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_MISC
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_MISC
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@ch.abb.com
Published At:04 Feb, 2022 | 23:15
Updated At:09 Feb, 2022 | 20:22

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
ABB
abb
>>pni800_firmware>>Versions up to a_b(inclusive)
cpe:2.3:o:abb:pni800_firmware:*:*:*:*:*:*:*:*
ABB
abb
>>pni800>>-
cpe:2.3:h:abb:pni800:-:*:*:*:*:*:*:*
ABB
abb
>>spiet800_firmware>>Versions up to a_b(inclusive)
cpe:2.3:o:abb:spiet800_firmware:*:*:*:*:*:*:*:*
ABB
abb
>>spiet800>>-
cpe:2.3:h:abb:spiet800:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondarycybersecurity@ch.abb.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: cybersecurity@ch.abb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launchcybersecurity@ch.abb.com
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cybersecurity@ch.abb.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1531Records found
Details not found