Detections
Analytics
ABB SPIET800 and PNI800 Uncontrolled Resource Consumption (CVE-2021-22288)
high Tenable OT Security Plugin ID 501112
Synopsis
The remote OT asset is affected by a vulnerability.Description
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.ABB recommends the following mitigations and workarounds.
- SPIET800: Update to Version A_C or later (planned Q2 2022)
- PIN80: Update to Version B_0 or later (planned Q2 2022)
ABB advises users to review their installations to determine if they are using an impacted product as listed above.
Please see ABB Symphony Plus advisory and ABB Cybersecurity alerts portal for more information.
See Also
http://www.nessus.org/u?729dcc02
https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-02
Plugin Details
Severity: High
ID: 501112
Version: 1.5
Type: remote
Family: Tenable.ot
Published: 5/9/2023
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2021-22288
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:abb:spiet800_firmware, cpe:/o:abb:pni800_firmware
Required KB Items: Tenable.ot/ABB
Exploit Ease: No known exploits are available
Patch Publication Date: 2/4/2022
Vulnerability Publication Date: 2/4/2022
Reference Information
CVE: CVE-2021-22288
CWE: 20
ICSA: 22-097-02