VDB
CVE-2022-24999
CVE-2022-24999
PUBLISHED
CVSS 7.5 HIGH
A vulnerability exists in the web UI (REST interface) included in the product versions listed above. An attacker could exploit the vulnerability by sending a specially crafted message to the web UI node, causing a Node process hang, requiring restart of the REST interface (disable/enable).
EPSS 1.54% · 81.7th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.54%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | RMC-100 LITE (2106229-010 to 2106229-016) | |
| ABB | RMC-100 (2105457-036 to 2105457-044) |
Timeline
- Nov 26, 2022 CVE Published
- Nov 27, 2022 EPSS Score
- Jan 31, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Sep 8, 2023 CVE Updated
- Dec 17, 2024 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 5, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2025/9akk108470a8565.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A8565&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://new.abb.com/products/measurement-products/upstream-oil-and-gas/flow-computers-remote-controllers/flow-computers/rmc advisory
- https://nvd.nist.gov/vuln/detail/cve-2022-24999 advisory