
CVE-2022-0902

ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access

Severity Score (CVSS v3.1): 9.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ABB flow computer and remote controller products (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits this vulnerability to insert and run arbitrary code on an affected system node.


*Credits: ABB thanks Vera Mens at Claroty Research for helping to identify the vulnerabilities and protecting our customers.
CVSS Scores

First CVSS v3.1 vector (the 9.8 score above)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Second CVSS v3.1 vector
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-03-09 CVE Reserved
  • 2022-07-21 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected Vendors, Products, and Versions

Vendor  Product               Version          Other  Status     Runs in (platform status)
Abb     Rmc-100 Firmware      < 2105457-037    -      Affected   Abb Rmc-100 (--, Safe)
Abb     Rmc-100-lite Firmware < 2106229-011    -      Affected   Abb Rmc-100-lite (--, Safe)
Abb     Xio Firmware          < 2106198-008    -      Affected   Abb Xio (--, Safe)
Abb     Xfcg5 Firmware        < 2105805-016    -      Affected   Abb Xfcg5 (--, Safe)
Abb     Xrcg5 Firmware        < 2105864-016    -      Affected   Abb Xrcg5 (--, Safe)
Abb     Uflog5 Firmware       < 2105298-024    -      Affected   Abb Uflog5 (--, Safe)
Abb     Udc Firmware          < 2106177-007    -      Affected   Abb Udc (--, Safe)