OTPulse

ABB M2M Gateway

Priority: Act Now · CVSS 8.8 · ICS-CERT ICSA-25-105-08 · Apr 15, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ABB M2M Gateway ARM600 (firmware versions 4.1.2 to 5.0.3) and M2M Gateway SW (software versions 5.0.1 to 5.0.3) contain multiple critical vulnerabilities including input validation flaws (CWE-20, CWE-74, CWE-787, CWE-119), improper authentication (CWE-287), and memory safety issues (CWE-190, CWE-416). A remote attacker with network access and valid user credentials could exploit these weaknesses to execute arbitrary code, remotely control the device, stop operations, or render it inaccessible. The broad range of CWE designations indicates systemic input validation, buffer handling, and access control deficiencies across multiple functional areas.

What this means
What could happen
An attacker with network access to the M2M Gateway could execute arbitrary code, remotely control the device, stop operations, or make it inaccessible. This could disrupt communication and management functions for critical infrastructure sites connected through the gateway.
Who's at risk
Energy sector operators managing remote sites or distributed infrastructure using ABB M2M Gateway ARM600 or M2M Gateway SW for communications and management. This includes utilities with cellular or Internet-based remote access to PLCs, RTUs, or substations. Any facility relying on the gateway for secure communication between central sites and remote locations is affected.
How it could be exploited
An attacker with network access and valid user credentials could exploit multiple input validation and authentication weaknesses (CWE-20, CWE-287) to send malicious commands to the M2M Gateway, leading to code execution or device compromise. The gateway's exposure to the Internet or untrusted networks increases the attack surface.
Prerequisites
  • Network access to the M2M Gateway (direct Internet exposure or access from compromised internal network)
  • Valid user credentials (default or previously compromised)
  • No requirement for physical access or user interaction
Key facts
  • Remotely exploitable over network
  • High EPSS exploit probability (92.5%)
  • Authentication required, but default/weak credentials possible
  • No patch currently available from vendor
  • Multiple critical input validation weaknesses (CWE-20, CWE-74, CWE-787, CWE-119)
  • Allows arbitrary code execution
Exploitability
High exploit probability (EPSS 92.5%)
Affected products (2, both EOL)
Product                        | Affected Versions     | Fix Status
M2M Gateway ARM600 (firmware)  | ≥ 4.1.2 and ≤ 5.0.3   | No fix (EOL)
M2M Gateway SW (software)      | ≥ 5.0.1 and ≤ 5.0.3   | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Do not expose the M2M Gateway to the Internet; if Internet connectivity is required, use a VPN tunnel terminated in a DMZ with strict firewall rules that allow only VPN traffic.
HARDENING: Change all default user credentials to strong, unique passwords; disable default accounts that are not required.
HARDENING: Configure the firewall on an allowlisting principle: explicitly permit only the required ports and protocols (e.g., TCP/UDP 53 for DNS if used, the VPN port for remote management) and block all other traffic, including ICMP types 13 and 14 (timestamp request and reply).
HARDENING: Implement network segmentation: place the M2M Gateway in a DMZ isolated from other OT networks; restrict SSH, Telnet, and management access to authorized hosts only.
WORKAROUND: Consider a private cellular APN with dedicated SIM cards instead of Internet-based connectivity, which removes the Internet-facing attack surface entirely.
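The allowlisting and DMZ items above describe a policy rather than a ruleset. The script below is an added example, not part of the OTPulse advisory or of any ABB documentation: it emits an nftables ruleset for the DMZ firewall in front of the gateway that defaults to drop, permits only the VPN listener, DNS to an internal resolver, and SSH from authorized management hosts, and explicitly drops ICMP timestamp request/reply (types 13 and 14). All addresses, ports and the protocol are assumed placeholders and must be replaced with site values.

```shell
#!/bin/sh
# Added example (not from OTPulse or ABB): generate an nftables allowlist
# ruleset for a DMZ firewall fronting an M2M Gateway.
# Every value below is an assumed placeholder, not taken from the advisory.
VPN_PROTO="${VPN_PROTO:-udp}"            # transport of the VPN listener (assumed)
VPN_PORT="${VPN_PORT:-1194}"             # placeholder VPN port
MGMT_HOSTS="${MGMT_HOSTS:-10.0.0.0/24}"  # constructed: authorized management subnet
GATEWAY_IP="${GATEWAY_IP:-192.0.2.10}"   # constructed: gateway address (RFC 5737 range)
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # constructed: internal resolver

# Print the ruleset to stdout; apply with:  gen_ruleset | nft -f -
gen_ruleset() {
  cat <<EOF
table inet m2m_dmz {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # Only the VPN listener is reachable on the gateway from outside
    ip daddr $GATEWAY_IP $VPN_PROTO dport $VPN_PORT accept
    # DNS only if the gateway needs it, and only to the internal resolver
    ip saddr $GATEWAY_IP ip daddr $DNS_SERVER udp dport 53 accept
    ip saddr $GATEWAY_IP ip daddr $DNS_SERVER tcp dport 53 accept
    # SSH management only from authorized hosts; Telnet is never permitted
    ip saddr $MGMT_HOSTS ip daddr $GATEWAY_IP tcp dport 22 accept
    # Explicitly drop ICMP timestamp request/reply (types 13 and 14)
    icmp type { timestamp-request, timestamp-reply } drop
    # Everything else falls through to the chain policy: drop
  }
}
EOF
}

# Count the accept rules so a reviewer can confirm the allowlist stays small.
count_accepts() {
  gen_ruleset | grep -c ' accept$'
}
```

Because the chain policy is drop, every service the gateway legitimately needs must appear as an explicit accept line; `count_accepts` gives a quick figure to compare against the site's documented service inventory during change review.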
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Enable continuous monitoring and intrusion detection/prevention (IDS/IPS) to detect anomalous commands or traffic patterns.
HARDENING: Establish and test backup and restore procedures; store backups in encrypted, access-controlled storage and validate recoverability regularly.
HARDENING: Harden the system by removing unnecessary user accounts, disabling unused services and communication ports, and closing unused physical ports.
HARDENING: Scan all configuration PCs and firmware update files with current antivirus signatures before introducing them to the OT network; use dedicated, frequently updated PCs for engineering tasks.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: M2M Gateway ARM600 (firmware) and M2M Gateway SW (software). Apply the following compensating control in addition to the hardening above:
HARDENING: Monitor vendor security advisories and subscribe to ABB cybersecurity notifications so that any future firmware update is applied as soon as it becomes available.