Vulnerability Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits it to insert and run arbitrary code in an affected system node.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | RMC-100 Firmware | < 2105457-037 |
| ABB | RMC-100 | - |
| ABB | RMC-100-LITE Firmware | < 2106229-011 |
| ABB | RMC-100-LITE | - |
| ABB | XIO Firmware | < 2106198-008 |
| ABB | XIO | - |
| ABB | XFCG5 Firmware | < 2105805-016 |
| ABB | XFCG5 | - |
| ABB | XRCG5 Firmware | < 2105864-016 |
| ABB | XRCG5 | - |
| ABB | uFLOG5 Firmware | < 2105298-024 |
| ABB | uFLOG5 | - |
| ABB | UDC Firmware | < 2106177-007 |
| ABB | UDC | - |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&Language (Mitigation, Vendor Advisory)
FAQ
What is CVE-2022-0902?
CVE-2022-0902 is a vulnerability with a CVSS score of 8.1 (HIGH). Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and r...
How severe is CVE-2022-0902?
CVE-2022-0902 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0902?
Check the references section above for vendor advisories and patch information. Affected products include: ABB RMC-100 Firmware, ABB RMC-100, ABB RMC-100-LITE Firmware, ABB RMC-100-LITE, ABB XIO Firmware.