PatchSiren cyber security CVE debrief
CVE-2022-23521 git CVE debrief
CISA’s 2025 advisory for CVE-2022-23521 ties the issue to ABB M2M Gateway ARM600 and ABB M2M Gateway SW, while the vulnerability description states it arises from Git attributes parsing and could enable integer overflow leading to code execution or denial of service. For defenders, the practical takeaway is to verify exposure of the listed ABB products, apply the vendor guidance in the advisory, and reduce network reachability around the affected systems.
- Vendor: git
- Product: SCALANCE XCH328 (6GK5328-4TS01-2EC2)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-13
- Original CVE updated: 2024-02-13
- Advisory published: 2024-02-13
- Advisory updated: 2024-02-13
Who should care
OT/ICS operators using ABB M2M Gateway ARM600 or ABB M2M Gateway SW, especially teams responsible for remote access, firewalling, VPN termination, and administrative credential hygiene.
Technical summary
The supplied advisory describes a flaw associated with Git attributes parsing that can result in integer overflow and potential authenticated code execution or denial of service. In the CSAF product tree, ABB identifies affected products as ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The advisory’s mitigations emphasize limiting Internet exposure, restricting open ports, using private APN or DMZ patterns where appropriate, enforcing allowlisting firewall rules, changing default credentials, minimizing privileged access, and maintaining monitoring and backup practices.
Defensive priority
High for environments running the affected ABB versions, because the advisory combines remote-network exposure concerns with a high-severity CVSS score and recommends layered mitigations rather than a simple patch-only path.
Recommended defensive actions
- Identify whether any ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 or ABB M2M Gateway SW versions 5.0.1 through 5.0.3 are deployed.
- Limit Internet exposure; if remote connectivity is required, open only the minimum necessary VPN-related access and avoid exposing other system components.
- Use a private cellular APN or a DMZ-based termination design where applicable to keep remote connections off the public Internet path.
- Apply strict firewall allowlisting so only required ports, protocols, and source/destination hosts are permitted.
- Replace default credentials with strong unique passwords and minimize use of administrator/root privileges.
- Keep supporting engineering/configuration PCs updated and virus-scan files before transferring them to OT systems.
- Maintain backups and validate them regularly so recovery is possible if service disruption occurs.
- Use continuous monitoring and OT hardening practices to detect anomalies and reduce attack surface.
Evidence notes
All dates in this debrief are taken from the supplied advisory metadata and timeline fields; the source item was first published on 2025-04-07T10:30:00Z, rather than any earlier generation timestamp. The source advisory states that the vulnerability description concerns Git attributes parsing and integer overflow, yet the affected product tree names ABB M2M Gateway ARM600 and ABB M2M Gateway SW with the version ranges given above. The advisory lists mitigations focused on network segregation, access restriction, credential hardening, monitoring, and backup practices. No KEV entry, due date, or ransomware-campaign linkage is provided in the supplied corpus.
Official resources
- CVE-2022-23521 CVE record (CVE.org)
- CVE-2022-23521 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF advisory on 2025-04-07T10:30:00Z. The advisory’s revision history shows an initial version 1.0.0 on that date.