ABB patches high-severity flaw in oil, gas utility computer system

Swedish-Swiss electrical equipment manufacturer ABB has released an update addressing a high-severity flaw in its flow computers, which are being widely used by major oil and gas utilities around the world, according to The Record, a news site by cybersecurity firm Recorded Future. Threat actors could leverage the flaw, tracked as CVE-2022-0902, to facilitate flow computer takeovers and disrupt accurate oil and gas flow measurements, said Claroty, which identified the vulnerability in ABB's RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC offerings. "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," Claroty noted, adding that operational disruptions of flow computers could affect both IT and OT systems. Meanwhile, the update issued by ABB remediates the vulnerability in all of the impacted devices. "Mitigation can be accomplished by proper network segmentation," said an ABB spokesperson in a statement.