PatchSiren

CVE-2022-42898 ABB CVE debrief

CVE-2022-42898 is a high-severity advisory affecting ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments listed in the supplied CSAF source. The source describes the issue as PAC parsing in krb5 with integer overflows that may lead to denial of service. The advisory focuses on exposure reduction and OT hardening measures, and the supplied corpus does not include a fixed version or patch release.

Vendor: ABB
Product: ABB M2M Gateway ARM600
CVSS: HIGH 8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

OT and industrial network operators, ABB M2M Gateway administrators, and asset owners running ARM600 firmware 4.1.2 through 5.0.3 or ABB M2M Gateway SW 5.0.1 through 5.0.3—especially if remote access, VPN termination, or any internet-facing exposure is in place.

Technical summary

The CISA CSAF advisory ICSA-25-105-08 published on 2025-04-07 maps CVE-2022-42898 to ABB M2M Gateway ARM600 and ABB M2M Gateway SW. The advisory text states that PAC parsing in krb5 has integer overflows that may lead to denial of service. Affected products listed in the source are ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW software versions 5.0.1 through 5.0.3. The source set provides mitigation guidance rather than a definitive remediation version.

Defensive priority

High for any affected deployment, and especially high where the device is remotely reachable or internet-exposed. Even though the plain-English description emphasizes denial of service, service interruption in OT environments can have operational impact beyond the host itself.

Recommended defensive actions

  • Confirm whether any ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 or ABB M2M Gateway SW versions 5.0.1 through 5.0.3 are deployed.
  • Avoid exposing the ARM600 or other system components to the internet; if exposure is unavoidable, restrict access so only the VPN port is open.
  • Use a private cellular APN where feasible so traffic does not traverse the public internet.
  • Apply firewall allowlisting: explicitly permit only required ports and protocols, and block everything else.
  • If internet WAN transport is used for VPN tunnels, terminate connections in a segregated DMZ rather than directly on the ARM600 network segment.
  • Change default credentials, use unique strong passwords, and limit administrator/root use to tasks that require it.
  • Follow ABB cyber security deployment guidance and user manuals, keep supporting PCs updated, and virus-scan files before transferring them to the OT environment.
  • Maintain validated backups and use continuous monitoring or intrusion detection to spot anomalous activity early.
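
To support the first action above, the following added example (not part of the advisory or any ABB tooling) triages an asset inventory against the version ranges listed in the source. The CSV column layout, the product labels "ARM600" and "M2M Gateway SW", and the asset names are assumptions made for illustration. Versions are compared numerically so that a string such as 5.0.10 is not mistaken for something inside the 5.0.3 upper bound.

```python
import csv
import io
import re

# Affected ranges as listed in the advisory text (inclusive on both ends).
# The dictionary keys are hypothetical inventory labels, not vendor identifiers.
AFFECTED = {
    "ARM600": ((4, 1, 2), (5, 0, 3)),
    "M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),
}

def parse_version(text):
    """Return a 3-part numeric tuple, or None if the string is not plain dotted digits."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def classify(product, version):
    """Return 'affected', 'not-listed', or 'review' for one inventory row."""
    bounds = AFFECTED.get(product.strip())
    parsed = parse_version(version)
    if bounds is None or parsed is None:
        return "review"  # unknown product label or non-standard version string
    low, high = bounds
    return "affected" if low <= parsed <= high else "not-listed"

def triage(inventory_csv):
    """Map each asset name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["product"], r["version"]) for r in rows}

# Constructed sample inventory; every row is made up for the example.
SAMPLE = """asset,product,version
gw-substation-01,ARM600,4.1.2
gw-substation-02,ARM600,5.0.3
gw-pump-07,ARM600,4.1.1
gw-lab-01,ARM600,5.0.10
m2m-sw-01,M2M Gateway SW,5.0.0
m2m-sw-02,M2M Gateway SW,5.0.2
gw-depot-03,ARM600,5.0.3-hotfix
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

A result of "not-listed" only means the version falls outside the ranges named in the source; rows marked "review" need a manual check of the device's reported firmware string.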

Evidence notes

All product/version and mitigation statements are drawn from the supplied CISA CSAF advisory source item and its ABB references. The source explicitly lists the affected ABB M2M Gateway ARM600 and ABB M2M Gateway SW version ranges, describes integer overflows in krb5 PAC parsing that may lead to denial of service, and provides mitigation guidance centered on network exposure reduction, firewall allowlisting, DMZ use, credential hygiene, monitoring, and backups. No fixed version or patch release is present in the supplied corpus.

Official resources

This debrief is based on the supplied CISA CSAF advisory ICSA-25-105-08, which was published and last modified on 2025-04-07T10:30:00Z. The supplied corpus does not include a vendor patch announcement or a fixed version; it documents mitigc