CVE-2022-0902

CVSS V2: None | CVSS V3: Critical 9.8
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits this vulnerability to insert and run arbitrary code in an affected system node.
Overview
  • CVE ID: CVE-2022-0902
  • Assigner: cybersecurity@ch.abb.com
  • Vulnerability Status: Analyzed
  • Published Date: 2022-07-21T16:15:08
  • Last Modified Date: 2022-07-28T18:56:05
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:abb:rmc-100_firmware:*:*:*:*:*:*:*:* 1 OR 2105457-037
cpe:2.3:h:abb:rmc-100:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:rmc-100-lite_firmware:*:*:*:*:*:*:*:* 1 OR 2106229-011
cpe:2.3:h:abb:rmc-100-lite:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:xio_firmware:*:*:*:*:*:*:*:* 1 OR 2106198-008
cpe:2.3:h:abb:xio:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:xfcg5_firmware:*:*:*:*:*:*:*:* 1 OR 2105805-016
cpe:2.3:h:abb:xfcg5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:xrcg5_firmware:*:*:*:*:*:*:*:* 1 OR 2105864-016
cpe:2.3:h:abb:xrcg5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:uflog5_firmware:*:*:*:*:*:*:*:* 1 OR 2105298-024
cpe:2.3:h:abb:uflog5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:abb:udc_firmware:*:*:*:*:*:*:*:* 1 OR 2106177-007
cpe:2.3:h:abb:udc:-:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: HIGH
  • Base Score: 9.8
  • Base Severity: CRITICAL
  • Exploitability Score: 3.9
  • Impact Score: 5.9
History
Created Old Value New Value Data Type Notes
2022-07-21 17:00:04 Added to TrackCVE