CVE-2021-22283

28.02.2023, 05:15

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ABB	CNA	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
abb	smu615_firmware	𝑥 < 1.0.2
abb	rec615_firmware	𝑥 < 2.0.3
abb	rer615_firmware	𝑥 < 2.0.3
abb	evd4_firmware	*
abb	ref615r_firmware	*
abb	rex640_pcl3_firmware	𝑥 < 1.2.1
abb	rex640_pcl2_firmware	𝑥 < 1.1.4
abb	rex640_pcl1_firmware	𝑥 < 1.0.8
abb	rer620_firmware	*
abb	relion_611_firmware	𝑥 < 2.0.3
abb	ref615_iec_firmware	*
abb	ref615_ansi_firmware	*
abb	ref615_iec_firmware	*
abb	red615_iec_firmware	*
abb	ref615_ansi_firmware	*
abb	relion_615_iec_firmware	*
abb	relion_615_cn_firmware	*
abb	relion_615_ansi_firmware	*
abb	relion_615_iec_firmware	𝑥 < 4.1.9
abb	relion_615_cn_firmware	𝑥 < 4.1.8
abb	relion_615_iec_firmware	𝑥 < 5.0.12
abb	relion_615_iec_firmware	𝑥 < 5.1.20
abb	relion_620_iec_firmware	𝑥 < 2.0.11
abb	relion_620_cn_firmware	𝑥 < 2.0.11
abb	relion_620_ansi_firmware	*
abb	relion_620_iec_firmware	𝑥 < 2.1.15
abb	relion_620_cn_firmware	𝑥 < 2.1.15

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-665 - Improper Initialization
The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147&LanguageCode=en&DocumentPartId=&Action=Launch