{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:02:49.528","vulnerabilities":[{"cve":{"id":"CVE-2022-0902","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2022-07-21T16:15:08.610","lastModified":"2024-11-21T06:39:38.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node."},{"lang":"es","value":"Una Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido (\"Salto de Ruta\"), una Neutralización Inadecuada de Elementos Especiales Usados en un Comando (\"Inyección de Comandos\") vulnerabilidad en los productos de ordenador de flujo y controlador remoto de ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) permite a un atacante que explota con éxito esta vulnerabilidad pueda insertar y ejecutar código arbitrario en un nodo del sistema afectado"}],"metrics":{"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-77"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:rmc-100_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2105457-037","matchCriteriaId":"CA243091-CEE0-44E7-AFA6-F4C9D340A1DE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:rmc-100:-:*:*:*:*:*:*:*","matchCriteriaId":"15A6DBE0-3674-4E21-A8FD-E6596B675269"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:rmc-100-lite_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2106229-011","matchCriteriaId":"C2B83556-9ED0-4485-926E-ADBDD8E26D88"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:rmc-100-lite:-:*:*:*:*:*:*:*","matchCriteriaId":"582A346B-3E06-4E78-B0D5-9367AB7A67D6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:xio_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2106198-008","matchCriteriaId":"4F09812E-71E7-4D66-8F00-6E2E5A2595F9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:xio:-:*:*:*:*:*:*:*","matchCriteriaId":"17226DD8-9346-492E-B1B7-69088B264D3E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:xfcg5_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2105805-016","matchCriteriaId":"45EFC140-3365-43A3-B412-001298DC0BAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:xfcg5:-:*:*:*:*:*:*:*","matchCriteriaId":"C52898CC-B612-47E1-B742-5694112CF803"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:xrcg5_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2105864-016","matchCriteriaId":"96218B5B-79E5-40D5-ACBA-718EFCF1141F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:xrcg5:-:*:*:*:*:*:*:*","matchCriteriaId":"F93E581C-470A-453B-96B9-8294A9D35895"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:uflog5_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2105298-024","matchCriteriaId":"1F597B0D-31CD-4F37-8396-128C82D2BF17"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:uflog5:-:*:*:*:*:*:*:*","matchCriteriaId":"37E0FC3A-0436-4E3C-95B0-5BA2BDF29887"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abb:udc_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2106177-007","matchCriteriaId":"3FA49A84-213C-46FC-AD17-CB7EAD6BD90C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abb:udc:-:*:*:*:*:*:*:*","matchCriteriaId":"6BC9B8EF-6F59-41DD-8359-2E2A0F8E1903"}]}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga","source":"cybersecurity@ch.abb.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}