PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-29007 git CVE debrief

CVE-2023-29007 is a Git configuration-injection vulnerability that CISA and ABB associate with ABB M2M Gateway ARM600 and ABB M2M Gateway SW. The advisory published on 2025-04-07 says a specially crafted .gitmodules file with submodule URLs longer than 1024 characters can trigger a bug in git_config_copy_or_rename_section_in_file(), potentially injecting arbitrary settings into $GIT_DIR/config when removing a submodule section. If the injected settings point to executables such as core.pager, core.editor, or core.sshCommand, the outcome can be remote code execution. The supplied CVSS vector indicates low privileges and user interaction are required, so the practical risk is highest where configuration workflows, site PCs, or exposed management paths are not tightly controlled.

Vendor: git
Product: ABB M2M Gateway
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

ABB M2M Gateway ARM600 and ABB M2M Gateway SW operators, OT/ICS administrators, engineers who manage device configuration from Git-based workflows, and teams responsible for site PCs, backup systems, and remote administration paths should review this advisory. Environments running the affected versions named by CISA—ARM600 firmware 4.1.2 through 5.0.3 and SW 5.0.1 through 5.0.3—should prioritize exposure reduction and configuration hardening.

Technical summary

The source advisory describes a path where a malicious .gitmodules file with an oversized submodule URL can exploit a section-copy/rename bug and cause unintended configuration entries to be written into a user's Git config. In the affected ABB products, that matters because injected config keys can be interpreted as commands or external executables. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, which means exploitation is not framed as an unauthenticated network attack in the scoring data; local access, low privileges, and user interaction are all involved.
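As an added defender-side check, not code from the advisory, ABB, or the git project: a minimal parser for git's config/.gitmodules format that flags submodule URLs over the 1024-character threshold the advisory names, and lists the executable-pointing keys the debrief mentions (core.pager, core.editor, core.sshCommand) if they appear in a repository config. The sample .gitmodules and config contents are constructed for illustration.

```python
"""Defender-side checks for the .gitmodules / config injection pattern."""
import re

URL_LIMIT = 1024  # the submodule URL length threshold named in the advisory
# Config keys the debrief names as dangerous when injected: they point at executables.
# Git treats section and key names case-insensitively, so compare lowercased.
EXECUTABLE_KEYS = {"core.pager", "core.editor", "core.sshcommand"}

SECTION_RE = re.compile(r'^\[([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')

def parse_git_config(text):
    """Parse git's INI-like format into {(section, subsection): {key: value}}.
    Minimal on purpose: comments and blank lines are skipped, no multi-line values."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = result.setdefault((sec.group(1).lower(), sec.group(2)), {})
            continue
        kv = KEY_RE.match(line)
        if kv and current is not None:
            current[kv.group(1).lower()] = kv.group(2).strip()
    return result

def oversized_submodule_urls(gitmodules_text, limit=URL_LIMIT):
    """(submodule name, url length) for every submodule whose url exceeds limit."""
    return [(sub, len(keys["url"]))
            for (sec, sub), keys in parse_git_config(gitmodules_text).items()
            if sec == "submodule" and sub is not None and len(keys.get("url", "")) > limit]

def injected_executable_keys(config_text):
    """Executable-pointing keys present in a repository config; normally absent."""
    found = {}
    for (sec, sub), keys in parse_git_config(config_text).items():
        if sub is None:
            for key, value in keys.items():
                if f"{sec}.{key}" in EXECUTABLE_KEYS:
                    found[f"{sec}.{key}"] = value
    return found

# Constructed sample: one ordinary submodule and one with a 1104-character URL.
SAMPLE_GITMODULES = (
    '[submodule "libfoo"]\n\tpath = libfoo\n\turl = https://example.invalid/libfoo.git\n'
    '[submodule "evil"]\n\tpath = evil\n\turl = https://example.invalid/' + "a" * 1080 + "\n"
)
# Constructed sample $GIT_DIR/config with an unexpected core.pager entry (placeholder path).
SAMPLE_CONFIG = ('[core]\n\trepositoryformatversion = 0\n\tpager = /path/to/unexpected-binary\n'
                 '[remote "origin"]\n\turl = https://example.invalid/repo.git\n')

if __name__ == "__main__":
    print(oversized_submodule_urls(SAMPLE_GITMODULES))  # [('evil', 1104)]
    print(injected_executable_keys(SAMPLE_CONFIG))      # {'core.pager': '/path/to/unexpected-binary'}
```

Run it against a real repository by reading its .gitmodules and .git/config into the two functions; a non-empty result from either is a reason to inspect that repository before any configuration workflow uses it.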

Defensive priority

High

Recommended defensive actions

  • Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments and confirm whether any instance is in the affected version ranges listed in the advisory.
  • Treat the affected versions as high priority for mitigation review, especially where Git-based configuration handling, site PCs, or engineering workstations are used.
  • Reduce exposure of management and administration paths: avoid exposing system components to the internet, use a private cellular APN where feasible, and terminate remote access through a segmented DMZ or VPN-only path as
  • Apply firewall allowlisting so only required hosts, ports, and protocols can reach the ARM600 or related management services.
  • Harden administrator workflows: use non-default credentials, strong unique passwords, and least privilege for root or administrator tasks.
  • Scan configuration PCs and transferred files for malware before connecting them to the OT environment, and keep those PCs updated.
  • Maintain tested backups of device configurations and firmware, and store them securely with role-based access controls.
  • Follow ABB's Cyber Security Deployment Guideline and User Manual for installation, operation, and decommissioning practices, and enable continuous monitoring for anomalies.

Evidence notes

All product scope, version ranges, and mitigation guidance come from the supplied CISA CSAF advisory ICSA-25-105-08 and its referenced ABB materials. The vulnerability description is taken from the supplied advisory text, which attributes the issue to crafted .gitmodules content and a bug in config.c::git_config_copy_or_rename_section_in_file(). Timing context uses the advisory/CVE published and modified date of 2025-04-07; no KEV data or exploitation-in-the-wild claim is present in the supplied corpus.

Official resources

Publicly disclosed in CISA CSAF advisory ICSA-25-105-08 on 2025-04-07. The supplied corpus does not list the issue in CISA KEV and does not claim known ransomware campaign use.