CVE-2021-22283

Summary

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

Affected Software

VendorProductVersion RangeStatus
ABBRelion protection relays - 611 series1.0.0 < 2.0.3affected
ABBRelion protection relays - 615 series IEC 4.0 FP14.1.0 < 4.1.9affected
ABBRelion protection relays - 615 series CN 4.0 FP14.1.0 < 4.1.8affected
ABBRelion protection relays - 615 series IEC 5.05.0.0 < 5.0.12affected
ABBRelion protection relays - 615 series IEC 5.0 FP15.1.0 < 5.1.20affected
ABBRelion protection relays - 620 series IEC/CN 2.02.0.0 < 2.0.11affected
ABBRelion protection relays - 620 series IEC/CN 2.0 FP12.1.0 < 2.1.15affected
ABBRelion protection relays - REX640 PCL11.0.0 < 1.0.8affected
ABBRelion protection relays - REX640 PCL21.1.0 < 1.1.4affected
ABBRelion protection relays - REX640 PCL31.2.0 < 1.2.1affected
ABBRelion protection relays - RER6152.0.0 < 2.0.3affected
ABBRemote Monitoring and Control - REC6151.0.0 < 2.0.3affected
ABBMerging Unit- SMU6151.0.0 < 1.0.2affected

Weaknesses

  • CWE-665: CWE-665 Improper Initialization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References