Cross-Site Scripting Vulnerability in ABB EIBPORT Products
CVE-2021-22291
8.5 HIGH
What is CVE-2021-22291?
An improper neutralization of input during web page generation in ABB EIBPORT products can lead to a Cross-Site Scripting vulnerability. This flaw may allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to data theft or unauthorized actions. The specific versions affected are EIBPORT V3 KNX and EIBPORT V3 KNX GSM, both prior to version 3.9.2. It is essential for users to update their software to mitigate this risk and safeguard their systems.
Affected Version(s)
EIBPORT V3 KNX: versions from 0 up to, but not including, 3.9.2
EIBPORT V3 KNX GSM: versions from 0 up to, but not including, 3.9.2
CVSS V4
Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB acknowledges and thanks Psytester for responsibly disclosing the vulnerabilities and helping to verify the resolving implementation.