PatchSiren

CVE-2023-25652 git CVE debrief

CVE-2023-25652 is an ABB M2M Gateway / ARM600 issue disclosed by CISA on 2025-04-07. The advisory says a specially crafted input submitted by an authenticated attacker to `git apply --reject` can overwrite a path outside the working tree with partially controlled contents, creating a potential route to arbitrary code execution. The affected scope in the source advisory covers ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3.

Vendor: git
Product: ABB M2M Gateway
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

ABB ARM600 operators, OT/ICS administrators, remote access and maintenance teams, and any security team responsible for ABB M2M Gateway systems or associated update/configuration workflows.

Technical summary

The CISA CSAF advisory for ABB M2M Gateway identifies a file-overwrite condition associated with `git apply --reject`. According to the advisory text, an authenticated attacker can provide specially crafted input that causes a path outside the working tree to be overwritten with partially controlled content. The source material links this to potential arbitrary code execution. Affected products are listed as ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. The supplied record does not include a vendor patch note or a KEV designation.

Defensive priority

High for exposed or remotely managed ABB ARM600 environments, especially where configuration/update workflows are used by privileged operators. The issue is scored HIGH (CVSS 7.5) in the supplied data and may enable code execution if exploited in a trusted administrative context.

Recommended defensive actions

  • Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments and compare installed versions against the affected ranges in the advisory.
  • Restrict access to administrative and update workflows so only trusted, authenticated users can reach them.
  • Avoid exposing system components to the internet; if internet connectivity is unavoidable, limit exposure to the minimum required VPN service as described in the advisory.
  • Apply firewall allowlisting and segregate the system in a DMZ or private APN architecture where feasible, following the advisory’s mitigation guidance.
  • Review configuration and update handling processes for any use of `git apply --reject` or similar patch-application workflows, and limit who can perform them.
  • Change default credentials, use strong non-default passwords, and minimize use of root/administrator privileges.
  • Scan supporting PCs and transferred configuration or firmware files with up-to-date anti-malware tools before they are introduced to OT environments.
  • Maintain verified backups and validate restore procedures for ABB-related configurations and systems.
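A small version-triage helper for the inventory step above, added here as an example and not part of the advisory or the PatchSiren debrief. It compares inventoried versions numerically against the inclusive ranges stated in the advisory; the hostnames are constructed and the product labels are assumptions.

```python
"""Added example: check inventoried ABB M2M Gateway versions against the
affected ranges named in the advisory (4.1.2-5.0.3 firmware, 5.0.1-5.0.3 SW)."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Affected ranges as stated in the debrief (inclusive bounds).
# Product labels are assumptions chosen for this example.
AFFECTED_RANGES: Dict[str, Tuple[str, str]] = {
    "ARM600 firmware": ("4.1.2", "5.0.3"),
    "M2M Gateway SW": ("5.0.1", "5.0.3"),
}

def parse_version(text: str) -> Version:
    """Turn '5.0.3' into (5, 0, 3); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)

def pad(v: Version, n: int) -> Version:
    """Right-pad with zeros so versions of different depth compare correctly."""
    return v + (0,) * (n - len(v))

def is_affected(product: str, installed: str) -> bool:
    """True when the installed version lies inside the advisory's inclusive range.
    Comparing tuples of ints avoids the classic string-compare bug where
    '4.10.0' sorts below '4.1.2'."""
    low_s, high_s = AFFECTED_RANGES[product]
    low, high, cur = (parse_version(s) for s in (low_s, high_s, installed))
    n = max(len(low), len(high), len(cur))
    return pad(low, n) <= pad(cur, n) <= pad(high, n)

def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames whose product/version falls in an affected range."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("gw-plant-01", "ARM600 firmware", "4.1.1"),   # just below the range
    ("gw-plant-02", "ARM600 firmware", "4.10.0"),  # 10 > 1 numerically: affected
    ("gw-plant-03", "M2M Gateway SW", "5.0.3"),    # upper bound is inclusive
    ("gw-plant-04", "M2M Gateway SW", "5.1.0"),    # above the range
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: version inside affected range, prioritise review")
```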

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-105-08 and its referenced ABB product documentation. The advisory explicitly states the overwrite condition, the potential for arbitrary code execution, and the affected product/version ranges. The supplied record also includes mitigation guidance focused on reducing internet exposure, enforcing allowlisting, strengthening credentials, monitoring, and backup hygiene. No KEV entry or active exploitation claim is present in the supplied corpus.

Official resources

Publicly disclosed by CISA in advisory ICSA-25-105-08 on 2025-04-07. The supplied data shows no KEV listing and no ransomware association.