CVE-2021-22284

8.4 HIGH

📋 TL;DR

CVE-2021-22284 is an incorrect permission assignment vulnerability in ABB's OPC Server for AC 800M that allows attackers to execute arbitrary code on the server node. This affects industrial control systems using vulnerable versions of the AC 800M OPC Server software. Attackers can potentially gain full control of the industrial controller.

💻 Affected Systems

Products:
  • ABB OPC Server for AC 800M
Versions: All versions prior to 6.1.1-1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where OPC Server for AC 800M is installed and running. Industrial control systems in critical infrastructure sectors are particularly at risk.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control system allowing attackers to manipulate physical processes, cause equipment damage, disrupt operations, or establish persistence in OT networks.

🟠

Likely Case

Attackers gain code execution on OPC server node, potentially compromising other connected systems, stealing sensitive industrial data, or disrupting operations.

🟢

If Mitigated

Limited impact due to network segmentation, proper access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: MEDIUM - While industrial systems shouldn't be internet-facing, misconfigurations could expose them. Exploitation requires network access to the OPC server.
🏢 Internal Only: HIGH - Industrial networks often have flat architectures, allowing lateral movement from compromised IT systems to vulnerable OT systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires network access to the OPC server and knowledge of the system. No public exploit code is available, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.1.1-1

Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=7PAA000908&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

1. Download the patch from ABB's security advisory.
2. Back up the current configuration.
3. Stop the OPC Server service.
4. Apply the update.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Isolate OPC Server from untrusted networks and implement strict firewall rules.

Access Control Hardening

Platform: windows

Apply principle of least privilege to OPC Server service account and file permissions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OPC Server from other networks
  • Deploy intrusion detection systems and monitor for suspicious OPC traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check OPC Server version in Control Panel > Programs and Features. Versions below 6.1.1-1 are vulnerable.

Check Version:

wmic product where name="OPC Server for AC 800M" get version

Verify Fix Applied:

Verify version is 6.1.1-1 or higher and test OPC connectivity and functionality.
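As an added example (not ABB's code and not from the advisory), this PowerShell script reads the Windows Uninstall registry keys rather than wmic and compares the installed version with the fixed version 6.1.1-1. It assumes the product registers a DisplayName containing "OPC Server for AC 800M" and a DisplayVersion in the advisory's "6.1.1-1" form.

```powershell
# Added example: flag installs of "OPC Server for AC 800M" below 6.1.1-1.
# Assumptions: DisplayName contains "OPC Server for AC 800M" and DisplayVersion
# is "major.minor.patch-build" as written in the advisory (e.g. "6.1.1-1").

$FixedVersion = '6.1.1-1'

function ConvertTo-VersionParts {
    # Turn "6.1.1-1" into @(6,1,1,1) so the hyphenated build number compares
    # numerically; [version] alone rejects the "-1" suffix.
    param([string]$VersionText)
    $parts = @(($VersionText -split '[.\-]') | ForEach-Object { [int]$_ })
    # Pad to four fields so "6.1.1" and "6.1.1-0" compare equal.
    while ($parts.Count -lt 4) { $parts += 0 }
    return $parts
}

function Compare-VersionText {
    # Returns -1, 0 or 1, comparing the four numeric fields left to right.
    param([string]$Left, [string]$Right)
    $l = ConvertTo-VersionParts $Left
    $r = ConvertTo-VersionParts $Right
    for ($i = 0; $i -lt 4; $i++) {
        if ($l[$i] -lt $r[$i]) { return -1 }
        if ($l[$i] -gt $r[$i]) { return 1 }
    }
    return 0
}

function Get-OpcServerInstalls {
    # Read both the native and the WOW6432Node Uninstall keys so 32-bit
    # installers on 64-bit Windows are not missed.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*OPC Server for AC 800M*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

$installs = Get-OpcServerInstalls
if (-not $installs) { Write-Output 'OPC Server for AC 800M not found in Uninstall keys.'; return }

foreach ($app in $installs) {
    $state = if ((Compare-VersionText $app.DisplayVersion $FixedVersion) -lt 0) {
        'VULNERABLE (below 6.1.1-1)'
    } else {
        'patched (6.1.1-1 or later)'
    }
    Write-Output ("{0} {1}: {2}" -f $app.DisplayName, $app.DisplayVersion, $state)
}
```

Run it from an elevated prompt on each OPC server node; a "not found" result means the product did not register under the standard Uninstall keys and the Programs and Features check above should be used instead.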

📡 Detection & Monitoring

Log Indicators:

  • Unusual OPC Server service restarts
  • Failed authentication attempts to OPC Server
  • Unexpected process creation from OPC Server

Network Indicators:

  • Unusual OPC traffic patterns
  • OPC connections from unexpected IP addresses
  • OPC enumeration attempts

SIEM Query:

source="windows" AND (event_id=4688 OR event_id=4625) AND process_name="*opc*"
