Lucene search

ABBCVELIST:CVE-2023-3321

HistoryJul 24, 2023 - 5:06 p.m.

CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File

2023-07-2417:06:31

CWE-15

ABB

www.cve.org

cve-2023-3321

code execution

writable mosquitto

abb ability™ zenon

vulnerability

low-privileged users

specially crafted programs

exploit

zenon installed hosts

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ABB Ability™ zenon",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "11 build 106404",
        "status": "affected",
        "version": "11 build ",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVELIST:CVE-2023-3321