What is CVE-2022-0902?

CVE-2022-0902 is a vulnerability related to improper limitation of a pathname to a restricted directory and command injection in ABB flow computer and remote controller products.

How severe is CVE-2022-0902?

CVE-2022-0902 has a severity rating of 9.8 (critical).

Which ABB products are affected by CVE-2022-0902?

The ABB products affected by CVE-2022-0902 include RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC.

What is the recommended fix for CVE-2022-0902?

ABB has provided a firmware update to address the vulnerability. Please refer to the official ABB advisory for more details.

Where can I find more information about CVE-2022-0902?

You can find more information about CVE-2022-0902 in the ABB advisory available at [link].

Vulnerability/
CVE-2022-0902

critical

9.8

CWE

22 77

21/7/2022

17/9/2024

CVE-2022-0902: ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access

First published: Thu Jul 21 2022(Updated: )

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.

Credit: cybersecurity@ch.abb.com

Affected Software	Affected Version	How to fix
Abb Rmc-100 Firmware	<2105457-037
Abb Rmc-100
Abb Rmc-100-lite Firmware	<2106229-011
Abb Rmc-100-lite
Abb Xio Firmware	<2106198-008
Abb Xio
Abb Xfcg5 Firmware	<2105805-016
Abb Xfcg5
Abb Xrcg5 Firmware	<2105864-016
Abb Xrcg5
Abb Uflog5 Firmware	<2105298-024
Abb Uflog5
Abb Udc Firmware	<2106177-007
Abb Udc

Never miss a vulnerability like this again

Reference Links

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga

Frequently Asked Questions

What is CVE-2022-0902?
CVE-2022-0902 is a vulnerability related to improper limitation of a pathname to a restricted directory and command injection in ABB flow computer and remote controller products.
How severe is CVE-2022-0902?
CVE-2022-0902 has a severity rating of 9.8 (critical).
Which ABB products are affected by CVE-2022-0902?
The ABB products affected by CVE-2022-0902 include RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC.
What is the recommended fix for CVE-2022-0902?
ABB has provided a firmware update to address the vulnerability. Please refer to the official ABB advisory for more details.
Where can I find more information about CVE-2022-0902?
You can find more information about CVE-2022-0902 in the ABB advisory available at [link].

collector/nvd-index
agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/event
agent/description
agent/tags
vendor/abb
canonical/abb rmc-100 firmware
canonical/abb rmc-100
canonical/abb rmc-100-lite firmware
canonical/abb rmc-100-lite
canonical/abb xio firmware
canonical/abb xio
canonical/abb xfcg5 firmware
canonical/abb xfcg5
canonical/abb xrcg5 firmware
canonical/abb xrcg5
canonical/abb uflog5 firmware
canonical/abb uflog5
canonical/abb udc firmware
canonical/abb udc

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.