PatchSiren cyber security CVE debrief

CVE-2021-25220 ISC CVE debrief

CVE-2021-25220 is a DNS trust issue in ABB M2M Gateway ARM600 and ABB M2M Gateway SW. According to the CISA/ABB advisory, when forwarders are used, bogus NS records supplied by or through those forwarders may be cached and later reused by named if it needs to recurse, which can lead to incorrect DNS answers. The advisory says this can result in DNS cache poisoning and may cause denial of service or information disclosure by an authenticated attacker.

Vendor: ISC
Product: ABB M2M Gateway
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

Operators and administrators of ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments, especially environments that use DNS forwarders or rely on named for recursion. OT teams should care because the affected products are industrial gateway components and the advisory explicitly calls out network-level mitigation steps.

Technical summary

The source advisory identifies affected ABB products as ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The weakness arises when named uses forwarders: bogus NS records received from or via those forwarders may be cached and then reused during recursion, causing incorrect answers to be passed on. The supplied CVSS vector is AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N with a score of 6.8, indicating a network-reachable issue that requires high privileges and can impact integrity in the assessed model.

Defensive priority

Medium. Patch or mitigate promptly if affected products use DNS forwarders or recursive name service, but the advisory also states the ARM600 system is not dependent on DNS by default, which may reduce exposure in some deployments.

Recommended defensive actions

  • Confirm whether any systems are running affected versions: ABB ARM600 firmware 4.1.2 through 5.0.3, or ABB M2M Gateway SW 5.0.1 through 5.0.3.
  • If name service is not required, block TCP/UDP port 53 at the firewall as recommended in the advisory.
  • Review DNS forwarder and recursion configurations to ensure only trusted, necessary DNS paths are allowed.
  • Apply vendor guidance from the ABB user documentation and CISA advisory before making changes in production OT environments.
  • Use general ICS defense-in-depth practices and security recommendations referenced by CISA and ABB to reduce blast radius if DNS trust is abused.
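The first and third actions can be combined into one triage pass. The following is an added example, not code from the advisory, ABB or ISC. It assumes the firmware version string and the text of the gateway's named.conf are available to the reviewer; the product labels, function names and sample configuration are constructed for illustration.

```python
import re

# Affected ranges (inclusive) as stated on this page; the keys are labels chosen here.
AFFECTED = {"ARM600": ((4, 1, 2), (5, 0, 3)),
            "M2M Gateway SW": ((5, 0, 1), (5, 0, 3))}

# Constructed sample config, not taken from a real gateway.
SAMPLE_CONF = """
options {
    recursion yes;
    // forwarders { 203.0.113.9; };   (disabled entry, must be ignored)
    forwarders { 192.0.2.53; 192.0.2.54 port 5353; };
};
"""

def parse_version(text):
    """'5.0.3' -> (5, 0, 3), so 4.10.0 sorts after 4.9.0."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(product, version):
    low, high = AFFECTED[product]
    return low <= parse_version(version) <= high

def strip_comments(conf):
    """Drop /* */, // and # comments so disabled directives do not count."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def forwarder_exposure(conf):
    """Collect forwarder addresses and the recursion setting from named.conf text."""
    conf = strip_comments(conf)
    addrs = []
    for body in re.findall(r"\bforwarders\s*\{([^}]*)\}", conf):
        addrs += [item.split()[0] for item in body.split(";") if item.strip()]
    recursion = re.search(r"\brecursion\s+no\s*;", conf) is None  # BIND default is yes
    # Assumption: the condition on this page needs both forwarders and recursion.
    return {"forwarders": addrs, "recursion": recursion,
            "exposed": bool(addrs) and recursion}

def triage(product, version, conf):
    if not is_affected(product, version):
        return "not in affected range"
    if forwarder_exposure(conf)["exposed"]:
        return "affected, forwarders in use"
    return "affected, forwarding path not active"

if __name__ == "__main__":
    print(triage("ARM600", "5.0.2", SAMPLE_CONF))
```

The regex scan covers the common `options` layout only; configurations that pull in other files with `include` need each included file checked the same way.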

Evidence notes

The core vulnerability description, affected products, and mitigation guidance all come from the supplied CISA CSAF advisory ICSA-25-105-08 for ABB M2M Gateway. The advisory lists ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW software versions 5.0.1 through 5.0.3 as affected, and explicitly recommends blocking TCP/UDP port 53 if DNS is not used. The supplied metadata also includes the official CVE and NVD links for cross-reference.

Official resources

Publicly disclosed in the CISA/ABB advisory released on 2025-04-07 for CVE-2021-25220 (ICSA-25-105-08).