CVE-2021-22288

SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module

Description

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.

Remediation

Solution:

  • ABB advises all customers to review their installations to determine if they are using an impacted product as listed above. – SPIET800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version A_C or later. – PNI800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version B_0 or later.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.54%
Vendor Advisory abb.com
Affected: ABB SPIET800
Affected: ABB PNI800
Published at:
Updated at:

References

Link Tags
https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-22288?
CVE-2021-22288 has been scored as a high severity vulnerability.
How to fix CVE-2021-22288?
To fix CVE-2021-22288: ABB advises all customers to review their installations to determine if they are using an impacted product as listed above. – SPIET800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version A_C or later. – PNI800 devices with firmware version A_B or earlier are affected. All the vulnerabilities will be corrected in version B_0 or later.
Is CVE-2021-22288 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-22288 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-22288?
CVE-2021-22288 affects ABB SPIET800, ABB PNI800.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.