HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical XSS in ABB EIBPORT (CVE‑2021‑22291) Exposes Session IDs and Enables Configuration Tampering

ABB EIBPORT firmware versions prior to 3.9.2 contain a cross‑site scripting flaw (CVE‑2021‑22291) that allows attackers to capture session identifiers and alter device settings. The issue affects building‑automation and industrial control deployments worldwide, creating a supply‑chain risk for manufacturers and service providers.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

Critical XSS in ABB EIBPORT (CVE‑2021‑22291) Exposes Session IDs and Enables Configuration Tampering

What It Is – A cross‑site scripting (XSS) flaw (CVE‑2021‑22291) in ABB EIBPORT firmware allows an attacker to capture the device’s session identifier and, subsequently, modify its configuration. The vulnerability scores 8.0 (CVSS v3.1), placing it in the High severity tier.

Exploitability – The XSS vector is publicly known; proof‑of‑concept code exists in public repositories. No active exploit reports in the wild yet, but the low barrier to weaponisation (browser‑based injection) makes exploitation plausible.

Affected Products – ABB EIBPORT V3 KNX (2CLA963710W1001), V3 KNX (2CSM256242R2001) and V3 KNX GSM (2CLA963720W1001) versions < 3.9.2.

TPRM Impact – These devices are embedded in building‑automation, smart‑grid, and manufacturing control systems worldwide. A compromised EIBPORT can leak internal network topology, expose credentials, and allow malicious re‑configuration that could cascade to downstream suppliers or customers.

Recommended Actions

  • Apply ABB’s firmware update (≥ 3.9.2) immediately on all deployed EIBPORT units.
  • Conduct an inventory sweep to confirm no legacy versions remain in production.
  • Verify that network segmentation isolates EIBPORT from critical IT assets; enforce least‑privilege access controls.
  • Review session‑management policies for web‑based interfaces and enforce secure cookie attributes (HttpOnly, Secure, SameSite).

Source: CISA Advisory – ICSA‑26‑148‑03

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-03

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →