PatchSiren cyber security CVE debrief
CVE-2022-24999 ABB CVE debrief
CVE-2022-24999 is a high-severity availability issue in ABB RMC-100 and RMC-100 LITE web UI REST interface components. According to the CISA CSAF advisory published on 2025-03-11, a specially crafted message can cause the Node process to hang, requiring the REST interface to be disabled and re-enabled to restore service. ABB lists fixed customer packages for both affected product lines.
- Vendor: ABB
- Product: RMC-100
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-03-11
- Advisory published: 2025-03-11
- Advisory updated: 2025-03-11
Who should care
ABB RMC-100 and RMC-100 LITE operators, OT/ICS administrators, and teams responsible for the availability of remote controller or flow computer web interfaces should prioritize this advisory. It is especially relevant where the REST interface is exposed on operational networks or where service interruption would affect monitoring or control workflows.
Technical summary
The advisory states that the vulnerability exists in the web UI (REST interface) included in affected ABB RMC-100 and RMC-100 LITE versions. An attacker who can send a specially crafted message to the web UI can cause the underlying Node process to hang, creating a denial-of-service condition for the REST interface until it is restarted (disable/enable). The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, reflecting a network-reachable, unauthenticated availability impact with no confidentiality or integrity effect.
Defensive priority
High. The issue is remotely reachable and affects service availability, which can be operationally significant in industrial environments. Remediation is available from ABB, so patching and exposure reduction should be treated as a priority rather than relying only on compensating controls.
Recommended defensive actions
- Apply ABB's fixed customer package versions as soon as practical: RMC-100 Customer Package 2105452-048 and RMC-100 LITE Customer Package 2106260-017.
- Verify whether any affected RMC-100 or RMC-100 LITE devices are present in your environment and map them to the impacted part ranges listed in the advisory.
- Restrict network access to the web UI/REST interface using segmentation and allowlisting where operationally feasible.
- Monitor for REST interface hangs or unexpected service restarts and include the interface in availability monitoring.
- If immediate patching is not possible, apply compensating controls from CISA's industrial control systems guidance and vendor-recommended operational practices.
- Validate the update process in a maintenance window and confirm service restoration procedures for disable/enable restart scenarios.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-084-01 for ABB RMC-100, which describes the REST interface hang condition and lists affected and fixed product versions. The vendor remediation entry states the corrected versions and recommends applying the update at the earliest convenience. The severity and attack characteristics are supported by the supplied CVSS vector and score.
Official resources
- CVE-2022-24999 CVE record (CVE.org)
- CVE-2022-24999 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the CSAF advisory ICSA-25-084-01 on 2025-03-11, and the supplied source record shows the same publication and modification timestamps. No Known Exploited Vulnerabilities (KEV) entry was supplied for this CVE in the provided materials.