CVE-2021-22283
CVE-2021-22283 is a medium-severity vulnerability in Abb Smu615 Firmware with a CVSS 3.x base score of 6.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-665.
Key facts
- Severity: Medium (CVSS 3.x base score 6.2)
- EPSS exploit prediction: 0% (7th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-665
- Affected product: Abb Smu615 Firmware
- Published:
- Last modified:
Description
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.
Frequently asked questions
- What is CVE-2021-22283?
- Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.
- How severe is CVE-2021-22283?
- CVE-2021-22283 has a CVSS 3.x base score of 6.2, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2021-22283 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-22283?
- CVE-2021-22283 primarily affects Abb Smu615 Firmware. In total, 19 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-22283?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-22283 published?
- CVE-2021-22283 was published on 2023-02-28 and last updated on 2026-06-17.
References
Affected products (19)
- cpe:2.3:o:abb:smu615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rec615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rer615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:evd4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:ref615r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:rer620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_611_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:ref615_iec_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:ref615_ansi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:red615_iec_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_615_iec_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_615_cn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_615_ansi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_620_iec_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_620_cn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:relion_620_ansi_firmware:*:*:*:*:*:*:*:*
Other CWE-665 (Improper Initialization) vulnerabilities
- CVE-2021-33635 — Critical (CVSS 9.8): When malicious images are pulled by isula pull, attackers can execute arbitrary code.
- CVE-2022-37128 — Critical (CVSS 9.8): In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
- CVE-2021-41264 — Critical (CVSS 9.8): OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using…
- CVE-2019-10196 — Critical (CVSS 9.8): A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option…
- CVE-2015-8367 — Critical (CVSS 9.8): The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute…
- CVE-2019-14271 — Critical (CVSS 9.8): In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the…
Browse all CWE-665 (Improper Initialization) vulnerabilities →