medium
6.2
CWE
665
Advisory Published
Updated

CVE-2021-22283: MMS File Transfer Vulnerability impact on Distribution Automation products

First published: Tue Feb 28 2023(Updated: )

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

Credit: cybersecurity@ch.abb.com

Affected SoftwareAffected VersionHow to fix
ABB SMU615<1.0.2
Abb Smu615 Firmware
ABB REC615 Firmware<2.0.3
ABB Relion 615
ABB RER615<2.0.3
ABB RER615
Abb EVD4 Firmware
Abb EVD4 Firmware
ABB Ref615R
ABB Ref615 IEC
ABB REX640 PCL3 Firmware<1.2.1
ABB REX640 PCL3 Firmware
ABB REX640 PCL2 Firmware<1.1.4
ABB REX640 PCL2 Firmware
ABB REX640 PCL1 Firmware<1.0.8
ABB REX640 PCL1 Firmware
ABB Relion 620
Abb Rer620 Firmware
Abb Relion 611 Firmware<2.0.3
Abb Relion 611 Firmware
Abb Ref615 Iec Firmware
ABB Ref615R=1.0
ABB REF615 ANSI
ABB REF615 ANSI Firmware=1.0
ABB Ref615R=1.1
ABB Red615 IEC Firmware
ABB Red615 IEC Firmware=1.1
ABB REF615 ANSI Firmware=1.1
ABB REC615 Firmware
ABB Relion 615=2.0
ABB Relion 615=3.0
ABB Relion 615=4.0
Abb Relion 615 Cn Firmware
ABB Relion 615=2.0
ABB Relion 615=3.0
ABB Relion 615=3.1
ABB Relion 615=4.0
ABB Relion 615=5.0-fp1
ABB Relion 615 ANSI
ABB Relion 615 ANSI=2.0
ABB Relion 615 ANSI=4.0
ABB Relion 615 ANSI=4.0-fp1
ABB Relion 615 ANSI=4.0-fp2
ABB Relion 615 ANSI=5.0-fp1
ABB REC615 Firmware<4.1.9
ABB Relion 615=4.0-fp1
Abb Relion 615 Cn Firmware<4.1.8
ABB Relion 615=4.0-fp1
ABB REC615 Firmware<5.0.12
ABB Relion 615=5.0
ABB REC615 Firmware<5.1.20
ABB Relion 615=5.0-fp1
ABB Relion 620 IEC<2.0.11
ABB Relion 620 IEC Firmware=2.0
ABB Relion 620 Cn<2.0.11
ABB Relion 620=2.0
Abb Relion 620 Ansi Firmware
ABB Relion 620 IEC
ABB Relion 620 IEC<2.1.15
ABB Relion 620 IEC Firmware=2.0-fp1
ABB Relion 620 Cn<2.1.15
ABB Relion 620=2.0-fp1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-22283?

    The CVE-2021-22283 vulnerability has a severity rating of medium, indicating a moderate level of risk.

  • How do I fix CVE-2021-22283?

    To address CVE-2021-22283, you should update to the latest firmware version specified in the vendor's advisory.

  • What products are affected by CVE-2021-22283?

    CVE-2021-22283 affects several ABB Relion protection relays, specifically models in the 611 and 615 series.

  • Is there a workaround for CVE-2021-22283?

    Currently, there are no known workarounds for CVE-2021-22283; updating the firmware is the recommended solution.

  • When was CVE-2021-22283 reported?

    CVE-2021-22283 was reported in 2021, highlighting an improper initialization issue.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203