PatchSiren cyber security CVE debrief

CVE-2012-4929 ABB CVE debrief

CVE-2012-4929 is the CRIME-style TLS compression weakness: when TLS 1.2 or earlier compresses data without hiding the length of the unencrypted content, a man-in-the-middle attacker can infer plaintext HTTP header data by comparing response lengths across repeated guesses. In the supplied CISA advisory, ABB maps this issue to ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. The advisory emphasizes exposure reduction and hardening, especially avoiding direct Internet exposure and limiting VPN access to the minimum required ports.

Vendor: ABB
Product: ABB M2M Gateway ARM600
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

ABB ARM600 and ABB M2M Gateway SW operators, OT/network security teams, and administrators who allow TLS-protected traffic with compression on externally reachable or semi-trusted links. This matters most where HTTP headers, session tokens, or other secrets could be present in TLS-encrypted requests and where a man-in-the-middle position is plausible.

Technical summary

The core issue is TLS compression side-channel leakage, not a memory corruption or code-execution flaw. According to the CISA CSAF entry, the affected ABB products are ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The advisory’s CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, reflecting a network-reachable confidentiality issue with high attack complexity and no integrity or availability impact. The practical risk is information disclosure through length analysis during repeated guesses against HTTP header material carried in TLS-protected sessions.

Defensive priority

Medium-low. The score and vector indicate limited confidentiality impact and high attack complexity, but the issue deserves attention wherever TLS compression could still be enabled on exposed paths or legacy integrations.

Recommended defensive actions

  • Confirm whether TLS compression is enabled anywhere in the ARM600 or ABB M2M Gateway SW deployment; disable compression where possible.
  • Avoid exposing the ARM600 or related components directly to the Internet; if remote access is required, restrict exposure to the minimum VPN port(s) only.
  • Use a private cellular APN or DMZ-based termination path if remote connectivity is necessary, so the system is not Internet-facing.
  • Apply firewall allowlisting so only required hosts, ports, and protocols are permitted.
  • Change default credentials and use strong, unique passwords for administrative access.
  • Use dedicated, updated engineering/configuration PCs and scan transferred files and firmware before introducing them into the OT environment.
  • Follow ABB’s product security deployment guidance and CISA industrial control system best practices, including continuous monitoring and periodic backup validation.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-105-08) states the vulnerability description verbatim as a TLS 1.2-and-earlier compression length-leak issue enabling a MITM attacker to obtain plaintext HTTP headers through length differences during repeated guesses. It lists ABB M2M Gateway ARM600 firmware 4.1.2 <= 5.0.3 and ABB M2M Gateway SW 5.0.1 <= 5.0.3 as affected products. The advisory also supplies mitigations centered on avoiding Internet exposure, using VPN/DMZ segregation, allowlisting firewall rules, strong credentials, and broader OT hardening practices. The CVSS vector provided in the source is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, with CVSS score 3.7 and severity LOW. The CVE and advisory dates in this dataset are 2025-04-07 and should be treated as publication timing for the advisory record, not the original invention date of CRIME.

Official resources

Public government advisory: CISA CSAF entry ICSA-25-105-08, published 2025-04-07. The date reflects advisory publication in the supplied corpus; it is not the original discovery date of the CRIME issue.