Lucene search

ABBCVELIST:CVE-2023-3322

HistoryJul 24, 2023 - 5:12 p.m.

CVE-2023-3322 Code Execution through overwriting service executable in utilities directory

2023-07-2417:12:37

CWE-732

ABB

www.cve.org

cve-2023-3322

code execution

service executable

utilities directory

low-privileged users

data update

zenon system

specially crafted programs

installed hosts

abb ability zenon

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ABB Ability™ zenon",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "11 build 106404",
        "status": "affected",
        "version": "11 build ",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for CVELIST:CVE-2023-3322