CVE-2022-0947
📋 TL;DR
This vulnerability in ABB ARG600 Wireless Gateway series allows remote attackers to connect to serial port gateways and protocol converters depending on configuration. It affects industrial control systems using these devices for wireless communication in critical infrastructure.
💻 Affected Systems
- ABB ARG600 Wireless Gateway series
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control systems, allowing attackers to manipulate physical processes, disrupt operations, or cause equipment damage.
Likely Case
Unauthorized access to serial communications, enabling data interception, manipulation of industrial protocols, or disruption of industrial processes.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting isolated systems.
🎯 Exploit Status
Remote exploitation possible without authentication depending on configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=2NGA001253&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware update from ABB portal. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Verify update successful. 5. Restart device.
🔧 Temporary Workarounds
Network Segmentation
allIsolate ARG600 devices in separate network segments with strict firewall rules.
Access Control Lists
allImplement strict IP-based access controls to limit connections to authorized systems only.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to isolate affected devices
- Monitor network traffic to/from ARG600 devices for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against vendor advisory. Review configuration for exposed serial port gateway/protocol converter functionality.Check Version:
Check device web interface or use vendor-specific CLI commands (varies by model)Verify Fix Applied:
Verify firmware version has been updated to patched version specified in vendor advisory.📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to serial port services
- Unexpected protocol converter activity
- Failed authentication attempts
Network Indicators:
- Unexpected connections to ARG600 devices on serial port protocols
- Traffic patterns inconsistent with normal industrial communications
SIEM Query:
source_ip:external AND dest_ip:ARG600_device AND (port:serial_ports OR protocol:industrial_protocols)