PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-41974 ABB CVE debrief

CVE-2022-41974 is a HIGH-severity local privilege-escalation issue in ABB M2M Gateway ARM600 and related ABB M2M Gateway SW. According to CISA’s CSAF advisory published on 2025-04-07, a local user who can write to UNIX domain sockets may bypass access controls, manipulate the multipath setup, and potentially gain root privileges.

Vendor: ABB
Product: ABB M2M Gateway ARM600
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

OT/ICS operators running ABB M2M Gateway ARM600 or ABB M2M Gateway SW in environments where local access, service accounts, or adjacent systems could interact with UNIX domain sockets. Security teams responsible for industrial network segmentation, host hardening, and privileged access control should prioritize this advisory.

Technical summary

The supplied advisory describes a logic flaw in keyword handling: values are combined with arithmetic ADD instead of bitwise OR, so repeated keywords are mishandled. The result is an access-control bypass affecting ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. Exploitation requires local write access to UNIX domain sockets and can lead to local privilege escalation to root. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
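As an added illustration of the bug class the advisory describes (constructed toy code, not ABB's or multipath-tools' own): a socket command parser that accumulates per-keyword privilege bits with arithmetic ADD lets a repeated keyword carry into a neighbouring bit, so an ACL gate keyed on the accumulated value misclassifies the command, while bitwise OR is idempotent and closes the gap. The keyword names and privilege bits are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: toy privilege bits for a socket command ACL (not the real product's). */
enum { PRIV_READ = 1u << 0, PRIV_WRITE = 1u << 1, PRIV_ADMIN = 1u << 2 };

/* Hypothetical keyword table mapping each command word to the privilege it needs. */
static const struct { const char *name; unsigned int bit; } keywords[] = {
    { "show", PRIV_READ }, { "add", PRIV_WRITE }, { "reconfigure", PRIV_ADMIN },
};

static unsigned int keyword_bit(const char *tok) {
    for (size_t i = 0; i < sizeof keywords / sizeof keywords[0]; i++)
        if (strcmp(tok, keywords[i].name) == 0)
            return keywords[i].bit;
    return 0; /* unknown keyword contributes nothing */
}

/* Accumulate the privilege set of a whitespace-separated command line.
 * use_or=true is the correct bitwise OR; false reproduces the arithmetic-ADD bug class. */
unsigned int command_privs(const char *cmd, bool use_or) {
    char buf[128];
    unsigned int privs = 0;
    snprintf(buf, sizeof buf, "%s", cmd);   /* strtok needs a writable copy */
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        unsigned int bit = keyword_bit(tok);
        if (use_or)
            privs |= bit;   /* idempotent: repeating a keyword changes nothing */
        else
            privs += bit;   /* repeating a keyword carries into a different bit */
    }
    return privs;
}

/* The ACL gate: anything touching WRITE or ADMIN must come from root. */
bool requires_root(unsigned int privs) {
    return (privs & (PRIV_WRITE | PRIV_ADMIN)) != 0;
}

int main(void) {
    const char *cmds[] = { "reconfigure", "reconfigure reconfigure", "show show" };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s ADD: 0x%x root=%d   OR: 0x%x root=%d\n", cmds[i],
               command_privs(cmds[i], false), requires_root(command_privs(cmds[i], false)),
               command_privs(cmds[i], true),  requires_root(command_privs(cmds[i], true)));
    return 0;
}
```

With ADD, "reconfigure reconfigure" sums to 0x8, a value no privilege bit matches, so the gate waves it through even though the dispatcher would still run an admin action; with OR the same line stays PRIV_ADMIN and is correctly gated.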

Defensive priority

High

Recommended defensive actions

  • Identify all ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments and confirm whether they fall within the affected version ranges.
  • Review ABB and CISA guidance for product-specific mitigation or upgrade instructions before making changes in production.
  • Reduce exposure by avoiding internet-facing placement of the ARM600; if exposure is unavoidable, only publish the VPN service and keep other services closed.
  • Apply strict firewall allowlisting and segment OT networks so only required hosts and ports can reach the system.
  • Prefer a private cellular APN or DMZ termination where applicable to keep remote access paths off the public internet.
  • Limit root or administrator use to essential tasks and remove unnecessary accounts, services, and communication links.
  • Use continuous monitoring and intrusion detection/prevention to watch for abnormal local service or socket activity.
  • Ensure supporting engineering PCs are patched, scanned for malware, and protected with backups and role-based access controls.

Evidence notes

This debrief is based only on the supplied CISA CSAF advisory (ICSA-25-105-08) and linked ABB/CISA reference materials. The advisory was published on 2025-04-07 and lists affected ABB M2M Gateway ARM600 and ABB M2M Gateway SW version ranges, the UNIX domain socket access-control bypass description, and mitigation guidance focused on exposure reduction and hardening. The supplied corpus does not include a definitive fixed-version announcement or evidence of exploitation in the wild.

Official resources

CISA published the CSAF advisory on 2025-04-07. The supplied corpus indicates ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3 are affected. No KEV listing was included in the.