
CVE-2022-0902

2022-07-21 16:15:08
CWE-77, CWE-22
web.nvd.nist.gov

Tags: cve-2022-0902, path traversal, command injection, abb, flow computer, remote controller, rmc-100, xio, xfcg5, xrcg5, uflog5, udc, nvd, security vulnerability

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.1%)

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) and Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits this vulnerability to insert and run arbitrary code in an affected system node.

Affected configurations

NVD
Node: abb rmc-100_firmware (Range: < 2105457-037) AND abb rmc-100 (Match: -)
Node: abb rmc-100-lite_firmware (Range: < 2106229-011) AND abb rmc-100-lite (Match: -)
Node: abb xio_firmware (Range: < 2106198-008) AND abb xio (Match: -)
Node: abb xfcg5_firmware (Range: < 2105805-016) AND abb xfcg5 (Match: -)
Node: abb xrcg5_firmware (Range: < 2105864-016) AND abb xrcg5 (Match: -)
Node: abb uflog5_firmware (Range: < 2105298-024) AND abb uflog5 (Match: -)
Node: abb udc_firmware (Range: < 2106177-007) AND abb udc (Match: -)

CNA Affected

[
  {
    "product": "RMC-100 (Standard)",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2105457-037",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RMC-100-LITE",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2106229-011",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "XIO",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2106198-008",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "XFCG5 ",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2105805-016",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "XRCG5 ",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2105864-016",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "uFLOG5 ",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2105298-024",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "UDC",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2106177-007",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
