ABB M2M Gateway

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 8.8
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: ABB
• Equipment: M2M Gateway
• Vulnerabilities: Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Missing Release of Memory after Effective Lifetime, Allocation of Resources Without Limits or Throttling, Improper Privilege Management, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’), Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Calculation of Buffer Size, Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’), Access of Resource Using Incompatible Type (‘Type Confusion’), Improper Input Validation, Uncontrolled Resource Consumption, Observable Discrepancy, Generation of Error Message Containing Sensitive Information, Improper Authentication, Improper Validation of Integrity Check Value, Inadequate Encryption Strength, Improper Removal of Sensitive Information Before Storage or Transfer, Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to stop the product, make it inaccessible, take remote control of it, or insert and run arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ABB reports that the following products are affected:

• M2M Gateway ARM600: Versions 4.1.2 up to and including 5.0.3
• M2M Gateway SW: Versions 5.0.1 up to and including 5.0.3

3.2 VULNERABILITY OVERVIEW

3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190

A vul

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.