SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability
CVE-2021-22284

8.4HIGH

Key Information:

Vendor: Abb
Status: 800xa, Control Software For Ac 800m Opc Server For Ac 800m; Control Builder Safe, Version 1.x Opc Server For Ac 800m; Control Builder Safe, Version 2.0 Opc Server For Ac 800m; Compact Product Suite - Control And I/o Opc Server For Ac 800m
Vendor: CVE Published:; 4 February 2022

What is CVE-2021-22284?

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.

Affected Version(s)

800xA, Control Software for AC 800M OPC Server for AC 800M <= 5.1.0-x

800xA, Control Software for AC 800M OPC Server for AC 800M <= 5.1.1-x

800xA, Control Software for AC 800M OPC Server for AC 800M 6.0.0-1

References

https://search.abb.com/library/Download.aspx?DocumentID=7...

x_refsource_MISC

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 5, 2021

Credit

ABB thanks William Knowles at Applied Risk for helping to identify the vulnerabilities and protecting our customers.

Abb

What is CVE-2021-22284?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit