CVE-2021-22277

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abb:800xa:::::::ac_800m:*
	cpe:2.3:a:abb:800xa:::::::ac_800m:*
	cpe:2.3:a:abb:800xa:::::::ac_800m:*
	cpe:2.3:a:abb:800xa:::::::ac_800m:*
	cpe:2.3:a:abb:base_software::::::softcontrol::*
	cpe:2.3:a:abb:base_software::::::softcontrol::*
	cpe:2.3:a:abb:base_software::::::softcontrol::*
	cpe:2.3:a:abb:base_software::::::softcontrol::*
	cpe:2.3:a:abb:compact_product_suite::::::::
	cpe:2.3:a:abb:compact_product_suite::::::::
	cpe:2.3:a:abb:compact_product_suite::::::::
	cpe:2.3:a:abb:compact_product_suite::::::::
	cpe:2.3:a:abb:control_builder_safe::::::::

History

21 Nov 2024, 05:49

Type	Values Removed	Values Added
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

Information

Published : 2022-04-01 23:15

Updated : 2024-11-21 05:49

NVD link : CVE-2021-22277

Mitre link : CVE-2021-22277

CVE.ORG link : CVE-2021-22277

JSON object : View

Products Affected

abb

control_builder_safe
compact_product_suite
base_software
800xa

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2021-22277", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-01T23:15:08.833", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en ABB 800xA, Software de control para AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl permite a un atacante causar la denegaci\u00f3n de servicio"}], "lastModified": "2024-11-21T05:49:49.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*", "vulnerable": true, "matchCriteriaId": "34405B51-759E-40EF-B267-D2C543516E88", "versionEndIncluding": "5.1.0-3", "versionStartIncluding": "5.1.0-0"}, {"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*", "vulnerable": true, "matchCriteriaId": "E60385EF-68B6-457C-8866-4FF873E479DD", "versionEndIncluding": "5.1.1-4", "versionStartIncluding": "5.1.1-0"}, {"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*", "vulnerable": true, "matchCriteriaId": "FC945CEA-6412-489A-B4FB-603F9155171F", "versionEndExcluding": "6.0.0-4", "versionStartIncluding": "6.0.0-0"}, {"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*", "vulnerable": true, "matchCriteriaId": "A586F45F-D257-48B9-B51E-2595C4244058", "versionEndExcluding": "6.1.1-2", "versionStartIncluding": "6.1.0-0"}, {"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*", "vulnerable": true, "matchCriteriaId": "978185F8-0B75-4148-A71D-CD0BD27DC33D", "versionEndIncluding": "5.1.0-3", "versionStartIncluding": "5.1.0-0"}, {"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*", "vulnerable": true, "matchCriteriaId": "7742BF26-14B5-4357-AAB2-9CA978AE40FA", "versionEndIncluding": "5.1.1-4", "versionStartIncluding": "5.1.1-0"}, {"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*", "vulnerable": true, "matchCriteriaId": "5A9496BF-861D-406B-9C20-1EB06B29FFBF", "versionEndIncluding": "6.0.0-3", "versionStartIncluding": "6.0.0-0"}, {"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*", "vulnerable": true, "matchCriteriaId": "9E030201-1CA1-4213-991B-8D232A479F71", "versionEndIncluding": "6.1.1-1", "versionStartIncluding": "6.1.0-0"}, {"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A9DB73-0A59-4E23-86A8-0845CE70D165", "versionEndIncluding": "5.1.0-3", "versionStartIncluding": "5.1.0-0"}, {"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79270ECE-68F0-4A2E-B5E3-15B40793D772", "versionEndIncluding": "5.1.1-4", "versionStartIncluding": "5.1.1-0"}, {"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47F70CD9-38FB-4D91-A0E6-4DBAE8E90FA1", "versionEndIncluding": "6.0.0-3", "versionStartIncluding": "6.0.0-0"}, {"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFEBFB13-EFCB-4026-86D9-78D3AA8F18BF", "versionEndIncluding": "6.1.1-1", "versionStartIncluding": "6.1.0-0"}, {"criteria": "cpe:2.3:a:abb:control_builder_safe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8378E7C7-72FA-45C5-847C-63CCC0527C72", "versionEndExcluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}