PatchSiren cyber security CVE debrief
CVE-2022-29154 ABB CVE debrief
CVE-2022-29154 is a remote file-overwrite vulnerability affecting ABB M2M Gateway products, including ARM600. According to the CISA CSAF advisory published on 2025-04-07, a malicious rsync server can overwrite arbitrary files in the rsync client target directory and subdirectories. The advisory assigns a CVSS 3.1 score of 6.8 (MEDIUM), with network access, low privileges, no user interaction, and high integrity and availability impact. For OT environments, this is most concerning where the affected gateway is reachable from less-trusted networks or used for remote administration.
- Vendor: ABB
- Product: ABB M2M Gateway ARM600
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
OT and industrial network defenders using ABB M2M Gateway ARM600 or ABB M2M Gateway SW, especially systems that support rsync-based transfers, remote administration, or any deployment with internet exposure.
Technical summary
The advisory describes a remote arbitrary file write inside the directories of connecting peers. In practice, a malicious rsync server can cause the client to overwrite files in the target directory and its subdirectories. CISA lists affected ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:W/RC:C.
Defensive priority
Medium priority overall, but high priority for any exposed or remotely managed ABB M2M Gateway deployment because the impact includes arbitrary file overwrite and potential service disruption.
Recommended defensive actions
- Identify whether ABB M2M Gateway ARM600 or ABB M2M Gateway SW is in use, and determine whether any installed versions fall within the affected ranges listed in the advisory.
- Reduce exposure: avoid exposing system components to the internet; if internet access is required, restrict it to the minimum necessary ports and use VPN or a DMZ as described by ABB.
- Apply strict firewall allowlisting so only required hosts, ports, and protocols can reach the gateway.
- Use a private cellular APN or other segregated WAN design where feasible so remote sites do not require open internet-facing ports.
- Follow ABB cyber security deployment and user guidance, and validate that configuration or firmware-transfer workflows are scanned and monitored for unexpected file changes.
- Maintain known-good backups and test restoration so accidental or malicious overwrites can be recovered quickly.
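An added example (not from ABB or the CISA advisory) of the file-change monitoring recommended above: hash the rsync target directory before and after a transfer and report every path that changed outside the set the transfer was expected to touch. The directory layout, file names and function names are constructed for illustration, and the transfer itself is simulated with local writes.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def unexpected_changes(before, after, expected):
    """Paths created, modified or deleted that the transfer was not meant to touch."""
    touched = {p for p in before.keys() | after.keys()
               if before.get(p) != after.get(p)}
    return sorted(touched - set(expected))


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: only conf/site.cfg was requested from the server."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "conf/site.cfg", b"interval=60\n")
        _write(root, "conf/startup.sh", b"#!/bin/sh\nexit 0\n")
        before = snapshot(root)
        # Stand-in for the rsync pull: the requested file changes, but so do
        # two paths that were never part of the request.
        _write(root, "conf/site.cfg", b"interval=30\n")
        _write(root, "conf/startup.sh", b"#!/bin/sh\nexit 1\n")
        _write(root, "extra.bin", b"\x00")
        after = snapshot(root)
        return unexpected_changes(before, after, expected={"conf/site.cfg"})


if __name__ == "__main__":
    for path in demo():
        print("unexpected change:", path)
```

In a real workflow, take the first snapshot immediately before the pull, and treat any reported path as a reason to restore from the known-good backup and investigate the server.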
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-105-08 and its linked references. The advisory text states that a malicious rsync server can overwrite arbitrary files in the client target directory and subdirectories. It also enumerates the affected ABB M2M Gateway ARM600 and ABB M2M Gateway SW version ranges and provides the CVSS 3.1 vector and score. The advisory was published and modified on 2025-04-07, which is the advisory date, not the original CVE year.
Official resources
- CVE-2022-29154 CVE record (CVE.org)
- CVE-2022-29154 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published advisory ICSA-25-105-08 and the source CSAF record on 2025-04-07. The CVE identifier is CVE-2022-29154, so the vulnerability predates the advisory publication date.