PatchSiren cyber security CVE debrief
CVE-2022-38177 ISC CVE debrief
CVE-2022-38177 is an availability-focused vulnerability in ABB M2M Gateway products. According to the CISA CSAF advisory, an attacker who can spoof the target resolver with malformed ECDSA signature responses can trigger a small memory leak; repeated abuse may gradually consume memory until named crashes from lack of resources. The advisory published on 2025-04-07 identifies affected ABB M2M Gateway ARM600 firmware and ABB M2M Gateway SW versions and recommends blocking DNS traffic when name service is not needed.
- Vendor
- ISC
- Product
- ABB M2M Gateway
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-07
- Original CVE updated
- 2025-04-07
- Advisory published
- 2025-04-07
- Advisory updated
- 2025-04-07
Who should care
ABB M2M Gateway operators, OT/ICS administrators, and security teams responsible for ARM600 deployments or ABB M2M Gateway SW installations. This is especially relevant where DNS/name service is enabled or where the device is exposed to hostile network paths that could permit resolver spoofing.
Technical summary
The issue is triggered by crafted resolver responses containing a malformed ECDSA signature. The described effect is a small memory leak in named, which can be repeated until available memory is depleted and the service crashes due to resource exhaustion. The provided CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable availability impact with no confidentiality or integrity impact stated in the advisory.
Defensive priority
High for affected ABB M2M Gateway environments, because the vulnerability is network-exploitable and can lead to service crash via resource exhaustion. Priority is highest where DNS/name service is enabled or cannot be tightly controlled.
Recommended defensive actions
- Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments and compare them against the affected ranges in the advisory: ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3.
- If name service is not used on the system, block TCP/UDP port 53 with a firewall as recommended in the advisory.
- Review ABB's general security recommendations and the linked CISA ICS guidance for defense-in-depth measures.
- Restrict who can send or influence DNS/resolver traffic to the affected device, especially on OT networks.
- Monitor for unexplained memory growth or named instability that could indicate repeated exploitation attempts.
- Track vendor guidance for any fixed releases or additional remediation steps not included in the provided corpus.
Evidence notes
All statements are based on the supplied CISA CSAF advisory for ICSA-25-105-08 and the vendor references embedded in that advisory. The advisory text explicitly says malformed ECDSA signature responses can trigger a small memory leak and that the leak can erode memory until named crashes for lack of resources. The remediation text explicitly recommends blocking port 53 if name service is not used. The supplied corpus does not state a patched version or a KEV listing.
Official resources
-
CVE-2022-38177 CVE record
CVE.org
-
CVE-2022-38177 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-25-105-08 and the associated CVE record on 2025-04-07T10:30:00.000Z.