ABB SPIET800 and PNI800

Plan Patch7.5ICS-CERT ICSA-22-097-02Apr 7, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB SPIET800 and PNI800 firmware versions A_B and earlier contain flaws (CWE-372, CWE-241, CWE-400) that allow an attacker to send crafted packets that cause the affected device to become unresponsive and require manual reboot. This results in a denial-of-service condition for any process dependent on the device. ABB has planned firmware updates (SPIET800 version A_C or later, PNI800 version B_0 or later) for Q2 2022, but no patches are currently available. No known public exploits exist at the time of this advisory.

What this means

What could happen

An attacker could send crafted packets to cause the SPIET800 or PNI800 device to become unresponsive, triggering a denial-of-service condition that requires manual reboot and interrupts whatever process the device controls (such as industrial communication, data collection, or control signaling).

Who's at risk

Operators of ABB SPIET800 (industrial communication modules or gateways) and PNI800 (process or network interface devices) should assess whether these devices are deployed in their control systems. Any production process that depends on these devices for communication or control signaling is at risk of unplanned downtime if a device crashes and requires manual recovery.

How it could be exploited

An attacker with network access to the affected device sends specially crafted packets that trigger a processing error in the firmware. The device crashes and stops responding to normal commands, remaining offline until manually rebooted. No credentials or authentication are required.

Prerequisites

Network access to the device on its listening port
Device running vulnerable firmware version A_B or earlier

remotely exploitableno authentication requiredlow complexityno patch availablecauses denial of service

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SPIET800: Firmware≤ A BA_C or later

PNI800: Firmware≤ A BB_0 or later

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to SPIET800 and PNI800 devices by implementing firewall rules to allow only authorized management and process communication traffic

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SPIET800 to firmware version A_C or later when available (ABB planned Q2 2022 release)

HOTFIXUpdate PNI800 to firmware version B_0 or later when available (ABB planned Q2 2022 release)

Long-term hardening

0/2

HARDENINGIsolate control system networks containing these devices from the business network using network segmentation or air-gapping

HARDENINGVerify device connectivity and establish a process to reboot devices quickly if they become unresponsive

CVEs (3)

CVE-2021-22285 CVE-2021-22286 CVE-2021-22288

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9d1a216a-1ff4-4e40-b86d-8283f1395218