CVE-2022-0902
HIGHABB RMC-100, RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC Firmware - Path Traversal and Command Injection
Title source: llmDescription
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga
Scores
CVSS v3
8.1
EPSS
0.0225
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-77
Status
published
Products (7)
abb/rmc-100-lite_firmware
< 2106229-011
abb/rmc-100_firmware
< 2105457-037
abb/udc_firmware
< 2106177-007
abb/uflog5_firmware
< 2105298-024
abb/xfcg5_firmware
< 2105805-016
abb/xio_firmware
< 2106198-008
abb/xrcg5_firmware
< 2105864-016
Published
Jul 21, 2022
Tracked Since
Feb 18, 2026