ABB EIBPORT

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-03.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and can change the configuration of the device. /strong /p p The following versions of ABB EIBPORT are affected: /p ul li EIBPORT V3 KNX (2CLA963710W1001) lt;3.9.2 /li li EIBPORT V3 KNX (2CSM256242R2001) lt;3.9.2 /li li EIBPORT V3 KNX GSM (2CLA963720W1001) lt;3.9.2 /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8 /td td ABB /td td ABB EIBPORT /td td Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing, Information Technology /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2021-22291 /a /h3 div class="csaf-accordion-content" p The vulnerability allows the successful attacker to receive a copy of the session id. /p p a href="https://www.cve.org/CVERecord?id=CVE-2021-22291" View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB EIBPORT /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br ABB /div div class="ics-version" strong Product Version: /strong br EIBPORT V3 KNX (2CLA963710W1001) Version lt;3.9.2, EIBPORT V3 KNX (2CSM256242R2001) Version lt;3.9.2, EIBPORT V3 KNX GSM (2CLA963720W1001) version lt; 3.9.2 /div div class="ics-status" strong Product Status: /strong br fixed, known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br ABB recommends that customers apply the update at the earliest convenience. /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/79.html" CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Sc