CVE-2022-0902
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
21/07/2022
Last modified:
27/06/2023
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits it to insert and run arbitrary code in an affected system node.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:abb:rmc-100_firmware:*:*:*:*:*:*:*:* | 2105457-037 (excluding) | |
| cpe:2.3:h:abb:rmc-100:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:rmc-100-lite_firmware:*:*:*:*:*:*:*:* | 2106229-011 (excluding) | |
| cpe:2.3:h:abb:rmc-100-lite:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:xio_firmware:*:*:*:*:*:*:*:* | 2106198-008 (excluding) | |
| cpe:2.3:h:abb:xio:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:xfcg5_firmware:*:*:*:*:*:*:*:* | 2105805-016 (excluding) | |
| cpe:2.3:h:abb:xfcg5:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:xrcg5_firmware:*:*:*:*:*:*:*:* | 2105864-016 (excluding) | |
| cpe:2.3:h:abb:xrcg5:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:uflog5_firmware:*:*:*:*:*:*:*:* | 2105298-024 (excluding) | |
| cpe:2.3:h:abb:uflog5:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:abb:udc_firmware:*:*:*:*:*:*:*:* | 2106177-007 (excluding) | |
| cpe:2.3:h:abb:udc:-:*:*:*:*:*:*:* | | |



