Sign-up

ID

VAR-202202-0650


CVE

CVE-2021-22284


TITLE

ABB  Made  OPC Server for AC 800M  Code Execution Vulnerability with Unnecessary Privileges

Trust: 0.8

sources: JVNDB: JVNDB-2022-001475

DESCRIPTION

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. ABB Provided by OPC Server for AC 800M Is a run-time data reader

Trust: 1.71

sources: NVD: CVE-2021-22284 // JVNDB: JVNDB-2022-001475 // VULHUB: VHN-380719

AFFECTED PRODUCTS

vendor:abbmodel:opc server for ac 800mscope:ltversion:6.0.0-4

Trust: 1.0

vendor:abbmodel:opc server for ac 800mscope:gteversion:5.1.0-0

Trust: 1.0

vendor:abbmodel:opc server for ac 800mscope:eqversion:5.1.1-1 6.0.0-1

Trust: 0.8

vendor:abbmodel:opc server for ac 800mscope:eqversion:5.1.0-x system, 5.1.1-x system, 6.0.0-x system

Trust: 0.8

vendor:abbmodel:opc server for ac 800mscope:lteversion:5.1.0-x system, 5.1.1-x system, 6.0.0-1 from 6.0.0-3 until

Trust: 0.8

vendor:abbmodel:opc server for ac 800mscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001475 // NVD: CVE-2021-22284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22284
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2021-22284
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-001475
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-349
value: HIGH

Trust: 0.6

VULHUB: VHN-380719
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22284
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-380719
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22284
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2021-22284
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-001475
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380719 // JVNDB: JVNDB-2022-001475 // CNNVD: CNNVD-202202-349 // NVD: CVE-2021-22284 // NVD: CVE-2021-22284

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:Execution with unnecessary privileges (CWE-250) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-380719 // JVNDB: JVNDB-2022-001475 // NVD: CVE-2021-22284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-349

PATCH

title:Contact centersurl:https://search.abb.com/library/Download.aspx?DocumentID=7PAA000908&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title:ABB OPCServer for AC800M Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182667

Trust: 0.6

sources: JVNDB: JVNDB-2022-001475 // CNNVD: CNNVD-202202-349

EXTERNAL IDS

db:NVDid:CVE-2021-22284

Trust: 3.3

db:ICS CERTid:ICSA-22-074-01

Trust: 1.4

db:JVNid:JVNVU97108634

Trust: 0.8

db:JVNDBid:JVNDB-2022-001475

Trust: 0.8

db:CS-HELPid:SB2022031607

Trust: 0.6

db:AUSCERTid:ESB-2022.1120

Trust: 0.6

db:CNNVDid:CNNVD-202202-349

Trust: 0.6

db:VULHUBid:VHN-380719

Trust: 0.1

sources: VULHUB: VHN-380719 // JVNDB: JVNDB-2022-001475 // CNNVD: CNNVD-202202-349 // NVD: CVE-2021-22284

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=7paa000908&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22284

Trust: 1.4

url:https://jvn.jp/vu/jvnvu97108634/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-074-01

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.1120

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031607

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-074-01

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=7paa000908&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: VULHUB: VHN-380719 // JVNDB: JVNDB-2022-001475 // CNNVD: CNNVD-202202-349 // NVD: CVE-2021-22284

CREDITS

William Knowles of Applied Risk reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202202-349

SOURCES

db:VULHUBid:VHN-380719
db:JVNDBid:JVNDB-2022-001475
db:CNNVDid:CNNVD-202202-349
db:NVDid:CVE-2021-22284

LAST UPDATE DATE

2024-08-14T13:22:40.364000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380719date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-001475date:2022-03-17T05:55:00
db:CNNVDid:CNNVD-202202-349date:2022-03-17T00:00:00
db:NVDid:CVE-2021-22284date:2022-02-09T18:11:16.810

SOURCES RELEASE DATE

db:VULHUBid:VHN-380719date:2022-02-04T00:00:00
db:JVNDBid:JVNDB-2022-001475date:2022-03-17T00:00:00
db:CNNVDid:CNNVD-202202-349date:2022-02-04T00:00:00
db:NVDid:CVE-2021-22284date:2022-02-04T23:15:10.870