CVE-2022-0902
ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access
Descriptions
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits it to insert and run arbitrary code in an affected system node.
Timeline
- 2022-03-09 CVE Reserved
- 2022-07-21 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Abb | Rmc-100 Firmware | < 2105457-037 | - | Affected | in | Abb | Rmc-100 | - | - | Safe
Abb | Rmc-100-lite Firmware | < 2106229-011 | - | Affected | in | Abb | Rmc-100-lite | - | - | Safe
Abb | Xio Firmware | < 2106198-008 | - | Affected | in | Abb | Xio | - | - | Safe
Abb | Xfcg5 Firmware | < 2105805-016 | - | Affected | in | Abb | Xfcg5 | - | - | Safe
Abb | Xrcg5 Firmware | < 2105864-016 | - | Affected | in | Abb | Xrcg5 | - | - | Safe
Abb | Uflog5 Firmware | < 2105298-024 | - | Affected | in | Abb | Uflog5 | - | - | Safe
Abb | Udc Firmware | < 2106177-007 | - | Affected | in | Abb | Udc | - | - | Safe