PatchSiren

CVE-2022-25147 Apache Software Foundation CVE debrief

ABB’s ARM600 M2M Gateway is affected by CVE-2022-25147, an Apache Portable Runtime utility flaw in the base64 family of functions. The issue can trigger an out-of-bounds write when a very long string is encoded or decoded, which may allow data modification or denial of service. CISA’s advisory was published on 2025-04-07 and lists affected ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3.

Vendor: Apache Software Foundation
Product: ABB M2M Gateway
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

ABB ARM600 operators, OT/ICS administrators, network defenders, and incident response teams responsible for ABB M2M Gateway deployments and remote-access pathways.

Technical summary

The vulnerability is described as an integer overflow in Apache Portable Runtime base64 encoding/decoding logic. When very long strings are processed, the overflow can lead to an out-of-bounds write. The supplied advisory rates the attack vector as network, with low attack complexity and no privileges or user interaction required. The expected impact is limited to integrity and availability (data modification or denial of service).
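
The bug class described above, as an added example that is not APR source code and not part of the advisory: a base64 output-size calculation that wraps in 32-bit arithmetic, next to a checked form that rejects such lengths. The function names, the uint32_t length type, and the sample lengths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the bug class, not APR source. uint32_t stands in for a 32-bit
 * length type so the wraparound is well-defined C. Base64 output is 4
 * characters per 3 input bytes, plus a terminating NUL. */
static uint32_t enc_len_unchecked(uint32_t len)
{
    return (len + 2u) / 3u * 4u + 1u;   /* wraps modulo 2^32 for huge len */
}

/* Bytes an encoder really emits for len input bytes, in 64-bit math. */
static uint64_t enc_len_true(uint64_t len)
{
    return (len + 2u) / 3u * 4u + 1u;
}

/* Hardened form: reject lengths whose encoded size cannot be represented.
 * Returns 0 and sets *out on success, -1 if the size would overflow. */
static int enc_len_checked(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3u + (len % 3u != 0u);  /* ceil(len / 3) */
    if (groups > (UINT32_MAX - 1u) / 4u)
        return -1;
    *out = groups * 4u + 1u;
    return 0;
}

int main(void)
{
    /* Constructed lengths: one ordinary, two near the 32-bit limit. */
    const uint32_t samples[] = { 300u, 0xC0000000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t n = samples[i], safe = 0;
        int rc = enc_len_checked(n, &safe);
        /* When "buffer" is smaller than "written", a caller that sized its
         * buffer from the unchecked result would be written past its end. */
        printf("len=%lu buffer=%lu written=%llu checked=%s\n",
               (unsigned long)n,
               (unsigned long)enc_len_unchecked(n),
               (unsigned long long)enc_len_true(n),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the two large lengths the unchecked size is 1 byte while the true output exceeds 4 GiB, which is the mismatch behind the out-of-bounds write; the checked form returns an error instead.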

Defensive priority

Medium. Prioritize if affected ABB M2M Gateway ARM600 or SW versions are deployed, especially where remote access, VPN termination, or internet exposure is present.

Recommended defensive actions

  • Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW instances and confirm whether they fall within the affected version ranges listed in the advisory.
  • Follow ABB and CISA exposure-reduction guidance: avoid exposing system components to the internet, use a private cellular APN where possible, and terminate internet-based remote access in a DMZ when applicable.
  • Restrict inbound connectivity with firewall allowlisting and permit only required ports, protocols, and source/destination hosts.
  • Use VPN for required remote administration, and keep only the VPN port exposed if internet access is unavoidable.
  • Change default credentials, use strong unique passwords, and limit administrator/root use to task-required cases only.
  • Apply continuous monitoring and intrusion detection/prevention to detect anomalous behavior around the gateway and its connected OT services.
  • Keep supporting engineering/configuration PCs updated and virus-scanned, and validate backups for device configurations and firmware-related assets.
  • Consult ABB product documentation and the CISA advisory for the vendor’s recommended remediation path and operating guidance for the affected versions.

Evidence notes

The supplied CISA CSAF advisory ICSA-25-105-08, published 2025-04-07, attributes the flaw to an Apache Portable Runtime base64-family integer overflow that can cause an out-of-bounds write. The advisory lists two affected ABB product entries: ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The source corpus also provides ABB manuals and deployment guidance that support the mitigation recommendations, but no explicit fixed version is stated in the supplied text.

Official resources

Publicly disclosed by CISA in advisory ICSA-25-105-08 on 2025-04-07; no KEV listing was provided in the supplied corpus.