Lucene search

K
cvelistABBCVELIST:CVE-2023-3321
HistoryJul 24, 2023 - 5:06 p.m.

CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File

2023-07-2417:06:31
CWE-15
ABB
www.cve.org
cve-2023-3321
code execution
writable mosquitto
abb ability™ zenon
vulnerability
low-privileged users
specially crafted programs
exploit
zenon installed hosts

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ABB Ability™ zenon",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "11 build 106404",
        "status": "affected",
        "version": "11 build ",
        "versionType": "custom"
      }
    ]
  }
]

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

Related for CVELIST:CVE-2023-3321