Path Traversal Vulnerability (CVE-2022-0902) in ABB Flow Computer and Remote Controllers

Description

UPDATE 2022/11/16: Updated the Appendix for a link to Outbreak Alert.


FortiGuard Labs is aware a path-traversal vulnerability (CVE-2022-0902) that affects ABB Totalflow flow computers and remote controllers widely used by oil and gas utility companies. Successfully exploiting the vulnerability allows an attacker to inject and execute arbitrary code. The vulnerability is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers.


Why is this Significant?

This is significant because the new vulnerability (CVE-2022-0902) affects ABB TotalFlow flow computers and remote controllers widely used by oil and gas utility companies. ABB TotalFlow is used to calculate oil and gas volume and flow rates and is also used for billing and other purposes.

By successfully exploiting the vulnerability, an attacker may be able to hinder affected oil and gas companies' abilities to correctly measure oil and gas flow, which may lead to safety issues and interruption of business.


What is CVE-2022-0902?

CVE-2022-0902 is a path-traversal vulnerability (CVE-2022-0902) in ABB TotalFlow flow computers and remote controllers. The vulnerability allows an attacker to gain access to restricted directories in ABB flow computers leading to arbitrary code execution in an affected system node.


CVE-2022-0902 has a CVSS score of 8.1.


What Products are Affected by the Vulnerability?

According to the advisory issued by ABB, the following products are affected by the vulnerability:

• RMC-100

• RMC100L ITE

• XIO

• XFCG5

• XRCG5

• uFLOG5

• UDC


All versions of the products without the latest update are vulnerable to CVE-2022-0902.


Is CVE-2022-0902 being Exploited in the Wild?

FortiGuard Labs is not aware that CVE-2022-0902 is exploited in the wild.


Has the Vendor Released an Advisory?

Yes. Please see the Appendix for a link to "ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access CVE ID: CVE-2022-0902".


Has the Vendor Released a Patch?

Yes, the vendor released a firmware update.


What is the Status of Protection?

FortiGuard Labs is currently investigating protection for CVE-2022-0902. We will update this Threat Signal when protection becomes available.


Any Suggested Mitigation?

The advisory issued by ABB includes mitigation and workarounds information. See the Appendix for a link to "ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access CVE ID: CVE-2022-0902".