A crucial component of the production and distribution of electric power is the use of flow computers, which are specialized computers that calculate oil and gas volume and flow rates. These devices monitor liquids or gases that are essential for process reliability and safety as well as being inputs for other processes (alarms, records, settings), therefore precision is a must. Billing is another crucial component of flow computers’ function in a utility. Due to their widespread usage in big oil and gas utilities, ABB flow computers are crucial. Flaws in them that would enable an attacker to interfere with measurements by remotely executing code on the target device.

Since flow measurement calculations, particularly those involving gas flow, require a significant amount of computing power, they are frequently performed by a low-power CPU rather than a microcontroller.
Flow meters read raw data from connected sensors that, depending on what is being measured, can measure the volume of a material in a variety of ways (gas or a liquid). Electromagnetic, vortex, differential pressure, thermal, coriolis, and other types of flow meters are some examples.
The investigation focused on the FLO G5 flow computers made by ABB.
The FLO G5 is a single board computer that has a CPU, Ethernet, USB, and other IO interfaces. The CPU has a 32-bit architecture and is an ARMv8 processor. Linux is the device’s operating system.

A designated configuration program can be used to remotely configure the flow computer.

The key thing to notice is that setup is done using a proprietary protocol established by the ABB called TotalFlow. Using this protocol on top of a serial or Ethernet (TCP) connection is possible. The TotalFlow protocol (TCP/9999) is used for the majority of communication between the client and the device, including retrieval of the gas flow calculations, establishing and obtaining device settings, and importing and exporting configuration files.

Their discovered vulnerability, CVE-2022-0902, has a CVSS v3 score of 8.1 out of 10 and was just fixed in an ABB firmware upgrade.

CVE-2022-0902

Path Traversal Vulnerability

Products Affected: The Totalflow TCP protocol for ABB Flow Computers and Remote Controllers. ABB’s RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC products.

An attacker may be able to remotely control flow computers and interfere with their capacity to precisely monitor oil and gas flow thanks to this path traversal vulnerability. These specialized computers compute the measures, which are inputs for a variety of operations including configurations and customer billing.

A successful exploitation of this vulnerability might make it difficult for a business to bill clients, necessitating a suspension of services, much to what happened to Colonial Pipeline after its 2021 ransomware attack.

Mike Stevens

Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.

Vulnerability in flow computers used by major Oil & Gas companies around the world can allow attackers to remotely control oil or gas quantities and modify gas bills

CVE-2022-0902

Dual Vulnerabilities in Microsoft SharePoint Server: Essential Steps to Mitigate Vulnerabilities

Exploiting the High-Risk Vulnerabilities in Secure Boot of Most Linux Devices on the Planet

Hackers’ New Target is containerized environments through vulnerabilities in runC

Hacking Android, Linux, macOS, iOS, Windows Devices via Bluetooth using a single vulnerability

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Healthcare Hack Horror: Cyberattacks Leave French Hospitals in Chaos for $10 Million

Hacking the Unhackable: The Story of How CISA Was Breached

The Cloudflare Hack: A Hacker, 5000 Credentials, and Operation Code Red

Hijacked Data:LockBit Ransomware Gang Targets Aerospace Giant Boeing

Timeless Targets: After Casio, Seiko Group hacked again by Ransomware gang

Unlocked Doors: The Inside Story of Casio’s Global Data Breach!

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Google Gemini Under Fire: Critical Security Vulnerabilities You Need to Know to hack Gemini

Cracking SCCM Wide Open: Pentesting System Center Configuration Manager with Misconfiguration Manager

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Hacking SSH Connections by exploiting SSH Protocol Vulnerabilities: Different Terrapin Attack Vectors

Understanding Latest DHCP DNS Vulnerabilities and How DHCP Exploits work in Active Directory

Hacking Bluetooth via MiTM: The BLUFFS Bluetooth attack to hack into Millions of Devices

6 Steps to File Anonymous SEC Complaints Against Data Breachers & Force Them to Pay Fines or Take Action

Inside the Exploit: How Your ChatGPT’s Uploaded Files Could Be Stolen by Prompt Injection Vulnerability

This Google Calendar technique allows to hack into companies without getting detected

This telegram bot is like ChatGPT for scammers to steal money from victims easily

How easy is to bomb someone mobile phone with thousands of SMS messages?

This new DDoS attack prevention technique has a 99% accuracy rate

How to secure Cisco Firepower Threat Defense (FTD) firewalls ?

How to use AWS SSM agent as backdoor and hack into EC2 instances?

New tool FraudGPT allows scamming and easy hacking of victims using AI

The Dark Side of PDFs: How Opening a Simple PDF Could Unleash a Cybersecurity Nightmare

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Visited thesaurus.com in search for Synonyms? You have Coinminer malware infection

How to send malware via Teams, even “Safe Attachments” or “Safe Links” can’t protect you

2 Big Cloud hosting companies shutdown by ransomware and lose all customer data