Vulnerability Details CVE-2022-0902
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.238
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2022-0902
-
cpe:2.3:h:abb:rmc-100-lite:-
-
cpe:2.3:h:abb:rmc-100:-
-
cpe:2.3:h:abb:udc:-
-
cpe:2.3:h:abb:uflog5:-
-
cpe:2.3:h:abb:xfcg5:-
-
cpe:2.3:h:abb:xio:-
-
cpe:2.3:h:abb:xrcg5:-
-
cpe:2.3:o:abb:rmc-100-lite_firmware:-
-
cpe:2.3:o:abb:rmc-100_firmware:-
-
cpe:2.3:o:abb:udc_firmware:-
-
cpe:2.3:o:abb:uflog5_firmware:-
-
cpe:2.3:o:abb:xfcg5_firmware:-
-
cpe:2.3:o:abb:xio_firmware:-
-
cpe:2.3:o:abb:xrcg5_firmware:-