PatchSiren cyber security CVE debrief
CVE-2022-42703 ABB CVE debrief
CVE-2022-42703 is a Linux kernel use-after-free in mm/rmap.c related to leaf anon_vma double re-use. In the supplied CISA/ABB advisory, it is mapped to ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. The advisory indicates the issue could cause a system crash or elevation of privileges, with local exploitation and high privileges required.
- Vendor: ABB
- Product: ABB M2M Gateway ARM600
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
OT/ICS operators using ABB M2M Gateway ARM600 or ABB M2M Gateway SW, especially teams responsible for firmware/software inventory, network segmentation, and access control. Vulnerability management, plant security, and Linux platform administrators supporting these gateways should also review exposure.
Technical summary
The supplied advisory describes a Linux kernel flaw before 5.19.7 in mm/rmap.c involving a use-after-free tied to leaf anon_vma double re-use. The CVSS vector (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) indicates that local access and high privileges are required and that the primary impact is on availability; the advisory text also notes potential privilege escalation. CISA’s CSAF mapping identifies ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3 as affected.
Defensive priority
Medium
Recommended defensive actions
- Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments and confirm whether any instance falls within the affected version ranges listed in the advisory.
- Apply ABB/CISA mitigations: avoid exposing the system to the internet, use a private APN where possible, and expose only necessary VPN connectivity if internet access is unavoidable.
- Use firewall allowlisting and, where appropriate, a DMZ to segregate external connections from the ARM600 environment.
- Restrict administrative and root access to only what is required, and replace default credentials with strong non-default passwords.
- Monitor for instability, crashes, or anomalous behavior and maintain verified backups so recovery is possible if availability is affected.
- Follow ABB product cybersecurity deployment guidance and CISA ICS defense-in-depth recommendations for hardening, patch governance, and supporting workstation hygiene.
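One way to carry out the inventory step above is a small triage script that compares each recorded version against the affected ranges stated in this debrief. This is an added example, not code from ABB, CISA or the advisory; the CSV columns, host names and product labels are hypothetical, and the range bounds are treated as inclusive.

```python
import csv
import io
import re

# Affected ranges as stated in this debrief, treated as inclusive.
# The dictionary keys are hypothetical inventory labels, not ABB identifiers.
AFFECTED = {
    "ARM600 firmware": ((4, 1, 2), (5, 0, 3)),
    "M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),
}

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,version
gw-plant-a,ARM600 firmware,4.1.2
gw-plant-b,ARM600 firmware,5.0.4
gw-plant-c,ARM600 firmware,4.1.1
gw-plant-d,ARM600 firmware,v5.0.2
gw-plant-e,ARM600 firmware,5.0
sw-core-1,M2M Gateway SW,5.0.3
sw-core-2,M2M Gateway SW,5.0.0
sw-core-3,M2M Gateway SW,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None unless all three parts are present."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text):
    """Classify one inventory row as affected, not_affected or needs_review."""
    bounds = AFFECTED.get(product)
    version = parse_version(version_text)
    if bounds is None or version is None:
        # Incomplete or unparseable data is never treated as safe.
        return "needs_review"
    low, high = bounds
    return "affected" if low <= version <= high else "not_affected"

def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Rows marked `needs_review` have a version string that cannot be compared reliably, so they should be confirmed on the device rather than assumed to be outside the affected ranges.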
Evidence notes
The evidence corpus is the CISA CSAF advisory ICSA-25-105-08 and its linked ABB/CISA references. The advisory explicitly states: "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double re-use" and maps that issue to ABB M2M Gateway ARM600 firmware versions 4.1.2 <= 5.0.3 and ABB M2M Gateway SW software versions 5.0.1 <= 5.0.3. The supplied CVSS vector (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) supports a local, high-privilege attack path with high availability impact.
Official resources
- CVE-2022-42703 CVE record (CVE.org)
- CVE-2022-42703 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published and modified dates supplied in the source corpus are 2025-04-07T10:30:00.000Z for both the CVE record and the CISA CSAF advisory. The underlying Linux kernel issue predates the advisory; the advisory is the source of the ABB ARM60