PatchSiren cyber security CVE debrief
CVE-2022-38178 ISC CVE debrief
CVE-2022-38178 is a high-severity availability issue in ABB M2M Gateway products. According to the CISA CSAF advisory, an attacker who can spoof the target resolver and send responses with a malformed EdDSA signature can trigger a small memory leak. Repeated triggering may gradually exhaust memory until named crashes for lack of resources. The supplied advisory also notes a practical mitigation: if name service is not used, block TCP/UDP port 53 by firewall.
- Vendor: ISC
- Product: ABB M2M Gateway
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
ABB ARM600 and ABB M2M Gateway operators, OT/ICS defenders, network/security teams managing DNS exposure, and incident responders responsible for availability monitoring in industrial environments.
Technical summary
The vulnerability is described as a network-exploitable resource exhaustion condition. The advisory states that spoofed resolver responses carrying a malformed EdDSA signature can induce a small memory leak. Over time, that leak can erode available memory until named fails due to lack of resources. The affected products listed in the advisory are ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable denial-of-service condition with no confidentiality or integrity impact in the provided data.
Defensive priority
High
Recommended defensive actions
- Identify whether ABB M2M Gateway ARM600 or ABB M2M Gateway SW is deployed, and confirm the exact firmware/software version against the affected ranges in the advisory.
- If name service/DNS is not required for the system, block TCP and UDP port 53 at the firewall as recommended by ABB/CISA.
- Review vendor guidance in the linked ABB and CISA advisories for remediation or upgrade options applicable to your deployment.
- Monitor affected systems for unexpected memory growth, named instability, and service restarts that could indicate ongoing resource exhaustion.
- Apply OT network segmentation and restrictive ACLs so only required hosts can reach DNS-related services.
- Validate compensating controls in change windows typical for industrial environments before making firewall or service changes.
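The memory-growth monitoring recommended above can be approximated as a trend check on periodic RSS samples of the named process. This is an added example, not code from the ABB or CISA advisory; the function names, the constructed sample data, the restart heuristic and the thresholds are all assumptions.

```python
# Added example (not from the advisory): leak-trend check over named RSS samples.
from statistics import mean

def read_rss_kb(pid):
    """Live sampling helper: VmRSS in kB from Linux /proc/<pid>/status."""
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("VmRSS:"):
                return int(line.split()[1])
    raise RuntimeError(f"VmRSS not found for pid {pid}")

def split_on_restart(samples, drop_ratio=0.5):
    """Split (epoch_s, rss_kb) samples into runs; a sharp RSS drop marks a restart."""
    runs, current = [], [samples[0]]
    for prev, cur in zip(samples, samples[1:]):
        if cur[1] < prev[1] * drop_ratio:  # assumed heuristic for a fresh process
            runs.append(current)
            current = []
        current.append(cur)
    runs.append(current)
    return runs

def slope_kb_per_hour(run):
    """Least-squares slope of RSS against time, converted to kB/hour."""
    mt, my = mean(t for t, _ in run), mean(y for _, y in run)
    den = sum((t - mt) ** 2 for t, _ in run)
    if den == 0:
        return 0.0
    return sum((t - mt) * (y - my) for t, y in run) / den * 3600

def assess(samples, min_slope=512.0, min_rising=0.8):
    """Flag the latest run when growth is both steep and nearly monotonic.
    Thresholds are assumed starting points; tune them per device."""
    runs = split_on_restart(samples)
    run = runs[-1]
    steps = list(zip(run, run[1:]))
    rising = sum(b[1] > a[1] for a, b in steps) / len(steps) if steps else 0.0
    slope = slope_kb_per_hour(run) if len(run) >= 3 else 0.0
    return {"restarts": len(runs) - 1, "slope_kb_h": round(slope, 1),
            "leak_suspect": slope >= min_slope and rising >= min_rising}

# Constructed samples, one every 10 minutes: steady growth, a restart, growth again.
LEAKY = [(i * 600, 50_000 + 200 * i) for i in range(12)] + \
        [(7200 + i * 600, 20_000 + 200 * i) for i in range(6)]
# Constructed samples: normal jitter around a flat baseline.
STEADY = [(i * 600, 50_000 + (40 if i % 2 else -40)) for i in range(12)]

if __name__ == "__main__":
    print("leaky :", assess(LEAKY))
    print("steady:", assess(STEADY))
```

A restart count above zero combined with renewed steady growth after each restart matches the crash-and-recover pattern the advisory describes for repeated triggering.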
Evidence notes
All substantive claims come from the supplied CISA CSAF source item for ICSA-25-105-08, published 2025-04-07, and its referenced ABB/CISA materials. The advisory explicitly describes the malformed-EdDSA-spoofing memory leak, the potential for named to crash due to lack of resources, the affected product/version ranges, and the DNS port-blocking mitigation. The supplied enrichment marks this as not listed in CISA KEV.
Official resources
- CVE-2022-38178 CVE record (CVE.org)
- CVE-2022-38178 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA CSAF advisory ICSA-25-105-08 on 2025-04-07. The supplied enrichment indicates this CVE is not in CISA KEV.