PatchSiren cyber security CVE debrief
CVE-2023-22809 ABB CVE debrief
CVE-2023-22809 is a sudoedit flaw that can let a local attacker append extra files to the edit list via SUDO_EDITOR, VISUAL, or EDITOR, creating a path to privilege escalation. In CISA advisory ICSA-25-105-08, the issue is mapped to ABB M2M Gateway ARM600 and ABB M2M Gateway SW, with affected versions called out in the advisory published on 2025-04-07.
- Vendor: ABB
- Product: ABB M2M Gateway ARM600
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
Operators, administrators, and security teams responsible for ABB M2M Gateway ARM600 and ABB M2M Gateway SW versions listed in the advisory should treat this as a high-priority local privilege-escalation issue. It matters most where local logins, maintenance access, or adjacent administrative accounts exist on the gateway or supporting engineering systems.
Technical summary
The source description says sudoedit (-e) mishandles extra arguments supplied through user-controlled environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing arbitrary entries to be appended to the list of files to process. CISA’s advisory ties CVE-2023-22809 to ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. The provided CVSS vector is 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a local attack with low privileges and no user interaction.
Defensive priority
High. The flaw is locally exploitable and can result in full confidentiality, integrity, and availability impact on affected systems, so it should be prioritized for remediation on any reachable ABB ARM600 or related support environment.
Recommended defensive actions
- Confirm whether any ABB M2M Gateway ARM600 or ABB M2M Gateway SW instances in your environment fall within the affected version ranges listed in CISA ICSA-25-105-08.
- Apply ABB and CISA-published mitigation guidance from the advisory and associated manuals, and track vendor updates for affected systems.
- Restrict local and administrative access using least privilege; use administrator/root privileges only when required.
- Avoid exposing the ARM600 or related components directly to the internet; if external connectivity is required, use the vendor-recommended VPN/DMZ/private APN approaches from the advisory.
- Use firewall allowlisting and remove unnecessary communication paths, ports, services, and user accounts.
- Keep supporting engineering/configuration PCs updated, scan transferred files and firmware with current AV signatures, and validate backups regularly.
- Use continuous monitoring and follow ABB/CISA industrial control system hardening and deployment guidance referenced in the advisory.
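To operationalise the first action above, here is an added Python check (not from ABB, CISA, or the advisory) that tests inventory entries against the affected version ranges stated in ICSA-25-105-08. The product keys and the sample inventory are constructed for the example.

```python
"""Check ABB M2M Gateway inventory entries against the CVE-2023-22809
affected ranges stated in CISA ICSA-25-105-08 (added example; product
keys and the sample inventory below are constructed, not ABB data)."""
import re

# Inclusive (first, last) affected versions per product, from the advisory.
AFFECTED = {
    "ARM600": ("4.1.2", "5.0.3"),   # ABB M2M Gateway ARM600 firmware
    "SW": ("5.0.1", "5.0.3"),       # ABB M2M Gateway SW
}

def parse_version(text):
    """Turn '5.0.3' (or '5.0.3a', 'v5.0') into a comparable tuple.
    Numeric fields compare as integers; a trailing letter suffix sorts
    after the bare release, so '5.0.3a' is treated as >= '5.0.3'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)([A-Za-z]*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))    # pad '5.0' to (5, 0, 0)
    return nums, m.group(2).lower()

def is_affected(product, version):
    """True if `version` of `product` lies inside the advisory's range."""
    if product not in AFFECTED:
        return False                  # not an advisory-listed product
    first, last = (parse_version(v) for v in AFFECTED[product])
    return first <= parse_version(version) <= last

def triage(inventory):
    """Return the hostnames whose (product, version) pair is affected."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]

# Constructed sample inventory: (hostname, product, version).
SAMPLE_INVENTORY = [
    ("gw-plant-01", "ARM600", "4.1.2"),   # first affected firmware
    ("gw-plant-02", "ARM600", "5.0.3"),   # last affected firmware
    ("gw-plant-03", "ARM600", "4.1.1"),   # below the range
    ("gw-plant-04", "ARM600", "5.1.0"),   # above the range
    ("ops-sw-01", "SW", "5.0.0"),         # below the SW range
    ("ops-sw-02", "SW", "5.0.2"),         # inside the SW range
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2023-22809 per ICSA-25-105-08")
```

Feed it the real inventory export and treat every returned host as in scope for the mitigation steps above.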
Evidence notes
Evidence is drawn from the supplied CISA CSAF advisory ICSA-25-105-08, published 2025-04-07, and the CVE/NVD records linked in the source corpus. The advisory explicitly states the sudoedit environment-variable handling issue and identifies ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3 as affected. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C. No KEV entry is present in the supplied data.
Official resources
- CVE-2023-22809 CVE record (CVE.org)
- CVE-2023-22809 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory disclosure in the supplied corpus is dated 2025-04-07 via CISA ICSA-25-105-08; the corpus does not provide a separate exploitation timeline or KEV listing.