HQ/EMEAFind out how we can help your business
The high-severity vulnerabilities within the ABB’s flow computers might compromise one of the world’s largest oil and gas utilities. The flaw could affect the devices that calculate oil and gas volume and flow rates.
ABB is a Swedish-Swiss electrical equipment company that has been operating for more than a hundred years. The researchers explained that flow computer is essential to facilities’ safety but is also critical for billing services.
The recently discovered flaw is tracked as CVE-2022-0902, which obtains a CVSS v3 score of 8.1, which translates to a vulnerability with high severity.
One of the representatives from the affected ABB’s flow computers was notified by the ones who discovered the flaw.
The spokesperson of ABB said that their company is already notified regarding the vulnerability in the flow computer and remote controller product versions.
Furthermore, the company revealed that a patch to fix the flaw in their product versions is listed in their advisory. The company also explained that its clients could mitigate problems from the flaw through proper network segmentation.
Based on reports, the vulnerability could allow an attacker to take over the flow computer and remotely affect the flow devices’ ability to detect and measure the oil and gas flow correctly.
The researchers found the vulnerabilities as they searched for codes that could allow an attacker to control a device remotely. Thus, they have identified the high-severity path-traversal vulnerability within ABB’s flow computers.
An attacker could abuse the discovered flaw to acquire root access on an ABB flow computer, remotely execute code, and read and write files. The flow meters within the device could read raw data from sensors that measure the volume of a substance in multiple methods, depending on if the computer is measuring a liquid or gas. Therefore, the critical flaw could also disrupt a company’s process of billing customers.
The researchers said the flow computers are a potential attack vector for attackers that could impact the IT and OT systems. Users of the machine from ABB should update their devices to avoid any exploit attempts from hackers.
