PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-41903 git CVE debrief

CISA published an advisory on 2025-04-07 for ABB M2M Gateway ARM600 and ABB M2M Gateway SW. The supplied corpus ties CVE-2022-41903 to a heap-overflow condition that an authenticated attacker could turn into remote code execution. The advisory's practical guidance is exposure reduction rather than a patch: keep the system off the public internet where possible, limit access to VPN-only paths, use DMZ or private APN designs, enforce firewall allowlisting, change default credentials, and follow vendor hardening and backup practices. Note that the supplied description also says the flaw involves the git archive and git log --format commands. Upstream, CVE-2022-41903 is an integer overflow in Git's commit-formatting code (pretty.c) that leads to a heap out-of-bounds write, reachable directly through git log --format and indirectly through git archive on repositories that use the export-subst attribute. That does not clearly match the ABB product mapping in the same corpus (the gateway would have to ship an affected Git build), so the product/CVE linkage should be verified against the vendor and CISA references before acting on it.

Vendor: git
Product: SCALANCE XCH328 (6GK5328-4TS01-2EC2)
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2024-02-13
Advisory published: 2024-02-13
Advisory updated: 2024-02-13

Who should care

ABB M2M Gateway ARM600 and ABB M2M Gateway SW operators, OT/ICS administrators, network security teams, and anyone responsible for remote access, VPN termination, firewall policy, or device hardening in ABB-connected environments.

Technical summary

In the supplied source, CVE-2022-41903 is mapped to ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable issue requiring low privileges, consistent with the advisory's "authenticated attacker" wording, with full confidentiality, integrity, and availability impact if successful. Note that this vector scores 8.8 (High) under CVSS 3.1; the 9.8 (Critical) shown in the metadata block corresponds to the same vector with PR:N, which is how NVD rates the upstream Git flaw. Which of the two applies to the gateway deployment should be confirmed against the CISA record. The corpus does not provide a specific fixed version or patch for the ABB products, so the record should be treated as exposure-reduction and hardening guidance rather than a confirmed remediation bulletin. For reference, upstream Git fixed CVE-2022-41903 in its January 2023 security releases (2.39.1 and the maintenance backports down to 2.30.7); if the gateway is found to bundle Git, that is the version line to check.

Defensive priority

High for any exposed or remotely administered deployments. Prioritize systems that are internet-reachable, accept remote administration, or lack strong network segmentation. Because the corpus does not list a fixed release, immediate priority should be containment: reduce reachable services, restrict VPN and firewall paths, and verify whether the ABB product mapping and version range apply to your environment.
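The prioritization above reduces to two checks per device: is its firmware or SW version inside the listed affected range, and is it exposed (internet-reachable, remotely administered, or unsegmented). The following is an added example, not code from the advisory or from ABB, that applies exactly those criteria to a constructed inventory; the device names and attributes are made up for illustration, and the version ranges are the ones this record lists, so they must be re-verified against the CISA and vendor references before use.

```python
"""Exposure triage against the ABB M2M Gateway version ranges in this advisory record.
Added example; the inventory below is constructed, not data from any real site."""
from dataclasses import dataclass

# Affected ranges exactly as this record lists them (inclusive bounds). Verify before use.
AFFECTED = {
    "ARM600": ((4, 1, 2), (5, 0, 3)),   # ARM600 firmware 4.1.2 through 5.0.3
    "SW": ((5, 0, 1), (5, 0, 3)),       # M2M Gateway SW 5.0.1 through 5.0.3
}


def parse_version(text: str) -> tuple:
    """'5.0.3' -> (5, 0, 3); pads short strings so '5.0' compares as 5.0.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def in_affected_range(product: str, version: str) -> bool:
    """True if the version falls inside the listed range for that product family."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product family: {product}")
    low, high = AFFECTED[product]
    return low <= parse_version(version) <= high


@dataclass
class Gateway:
    name: str
    product: str          # "ARM600" or "SW"
    version: str
    internet_reachable: bool
    remote_admin: bool    # accepts remote administration
    segmented: bool       # behind DMZ / private APN with firewall allowlisting
    default_creds: bool   # still using vendor default credentials


def priority(gw: Gateway) -> str:
    """Advisory ordering: in-range and exposed first, then in-range, then everything else."""
    if not in_affected_range(gw.product, gw.version):
        return "OUT_OF_RANGE"
    exposed = gw.internet_reachable or gw.remote_admin or not gw.segmented
    return "HIGH" if exposed else "MEDIUM"


def containment_steps(gw: Gateway) -> list:
    """Containment actions from the advisory that apply to this device's exposure."""
    steps = []
    if gw.internet_reachable:
        steps.append("restrict external access to the VPN port only")
    if gw.remote_admin:
        steps.append("limit remote administration to VPN-only paths")
    if not gw.segmented:
        steps.append("terminate internet-facing connections in a DMZ or private APN with allowlisting")
    if gw.default_creds:
        steps.append("replace default credentials with strong, non-reused passwords")
    return steps


def triage(gateways: list) -> list:
    """Return (name, priority, steps) tuples, highest priority first, names as tie-breaker."""
    order = {"HIGH": 0, "MEDIUM": 1, "OUT_OF_RANGE": 2}
    ranked = sorted(gateways, key=lambda g: (order[priority(g)], g.name))
    return [(g.name, priority(g), containment_steps(g)) for g in ranked]


# Constructed inventory for demonstration only.
SAMPLE = [
    Gateway("plant-gw-01", "ARM600", "5.0.2", True, True, False, True),
    Gateway("plant-gw-02", "ARM600", "4.1.2", False, False, True, False),
    Gateway("noc-sw-01", "SW", "5.0.4", True, True, False, False),
    Gateway("noc-sw-02", "SW", "5.0.1", False, True, True, False),
]

if __name__ == "__main__":
    for name, prio, steps in triage(SAMPLE):
        print(f"{name:12} {prio:13} {'; '.join(steps) or '-'}")
```

The OUT_OF_RANGE bucket is deliberately not "safe": given the mapping doubts noted in this record, those devices still need the product/CVE linkage confirmed, but they sit below the in-range devices in the work queue.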

Recommended defensive actions

  • Avoid exposing any system component to the internet; if exposure is unavoidable, restrict external access to the VPN port only.
  • Use a private cellular APN or a DMZ design to terminate internet-facing connections away from the core OT network.
  • Apply firewall allowlisting so only required ports, protocols, and source/destination hosts are permitted.
  • Change default ARM600 and Arctic wireless gateway credentials to strong non-default passwords and do not reuse passwords.
  • Follow the vendor Cyber Security Deployment Guideline and User Manual for installation, operation, and decommissioning hardening.
  • Keep supporting configuration PCs updated, virus-scanned, and dedicated where possible before connecting them to OT systems.
  • Maintain tested backups with revision control and secure storage.
  • Use continuous monitoring, and remove unused services, accounts, ports, and communication links where possible.
  • Verify the affected ABB version mapping for CVE-2022-41903 against the vendor and CISA references before treating a device as in or out of scope.

Evidence notes

The source corpus is a CISA CSAF advisory (ICSA-25-105-08) published on 2025-04-07 and mapped to ABB M2M Gateway ARM600 and ABB M2M Gateway SW. The affected ranges listed in the metadata are ARM600 firmware 4.1.2 through 5.0.3 and SW 5.0.1 through 5.0.3. The same corpus also includes remediation text centered on network exposure reduction, credential hardening, backups, monitoring, and vendor guidance. Several inconsistencies exist in the stored record and should be resolved before operational action. First, the vulnerability description references the Git archive and git log --format heap overflow, which is the upstream Git issue CVE-2022-41903 denotes and does not obviously align with the ABB ARM600 product context. Second, the metadata block at the top of this page lists the vendor as "git", the product as SCALANCE XCH328 (6GK5328-4TS01-2EC2), and all publication dates as 2024-02-13, none of which match the ABB mapping or the 2025-04-07 advisory date in the body. Third, the stored CVSS score of 9.8 does not match the stored vector, which scores 8.8 under CVSS 3.1 because of PR:L. The product/CVE linkage, the metadata fields, and the severity should all be validated against the CISA CSAF document itself.

Official resources

The supplied source shows initial advisory publication and modification on 2025-04-07T10:30:00.000Z. No KEV listing is present in the supplied data. Treat this as the advisory publication date, not the original vulnerability introduction or