Lucene search
K

ABB M2M Gateway TLS Handshake bypass in embedded Python (CVE-2023-40217)

🗓️ 27 May 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 36 Views

TLS handshake bypass vulnerability in Python versions affecting server client authentication.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)
25 Sep 202322:25
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Python may affect the IBM Storage Scale System
12 Dec 202312:03
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
15 Apr 202502:37
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152
25 Jun 202508:00
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001
29 Nov 202320:20
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in containers of IBM Workload Scheduler component of IBM Workload Automation
26 Feb 202509:23
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
5 Feb 202418:46
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Axios, Node.js, VMWare tools, and Linux Kernel might affect IBM Storage Defender – Data Protect.
9 Feb 202415:50
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities
29 Nov 202322:26
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152
25 Jun 202507:57
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(503247);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/14");

  script_cve_id("CVE-2023-40217");
  script_xref(name:"ICSA", value:"25-105-08");

  script_name(english:"ABB M2M Gateway TLS Handshake bypass in embedded Python (CVE-2023-40217)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18,
3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects
servers (such as HTTP servers) that use TLS client authentication. If
a TLS server-side socket is created, receives data into the socket
buffer, and then is closed quickly, there is a brief window where the
SSLSocket instance will detect the socket as not connected and won't
initiate a handshake, but buffered data will still be readable from
the socket buffer. This data will not be authenticated if the server-
side TLS peer is expecting client certificate authentication, and is
indistinguishable from valid TLS stream data. Data is limited in size
to the amount that will fit in the buffer. (The TLS connection cannot
directly be used for data exfiltration because the vulnerable code
path requires that the connection be closed on initialization of the
SSLSocket.)

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08");
  # https://search.abb.com/library/Download.aspx?DocumentID=2NGA002579&LanguageCode=en&DocumentPartId=pdf&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?310ae51a");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html");
  # https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42278553");
  script_set_attribute(attribute:"see_also", value:"https://security.netapp.com/advisory/ntap-20231006-0014/");
  script_set_attribute(attribute:"see_also", value:"https://www.python.org/dev/security/");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

For more information, please refer to ABB's Cybersecurity Advisory 2NGA002579. It provides a comprehensive mapping of
mitigation applicability in relation to each individual vulnerability listed.

ABB recommends the following mitigations:

- Obtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card
subscriptions can be requested from the cellular service provider. This service doesn't expose the traffic between
remote sites and the main site to the Internet but rather uses the cellular operator's private wide area network (WAN).
Therefore, the ARM600 wouldn't need open ports to the Internet.
- Avoid exposing any system component to the Internet. If the ARM600 must be exposed to the Internet, only the VPN port
should be opened towards the Internet (e.g., Patrol management connections can be configured to use a VPN tunnel, and
remote administration connections can be implemented using an OpenVPN PC-client).
- The ARM600 system is by default not dependent on the name service (DNS). If the name service is not used in the
system, the name service port (TCP/UDP Port 53) can be blocked by a firewall.
- Perform firewall configuration using the 'allowlisting' principle, explicitly allowing only the required ports and
protocols and blocking all other traffic.
- Filter specific ICMP packets from external systems (ICMP type 13 and 14) using a firewall to avoid exposing the system
time.
- If the Internet is used as a WAN medium for carrying VPN tunnels, use a demilitarized zone (DMZ) for terminating
connections from the Internet. Remote connections should terminate in the DMZ network, which would be segregated from
other networks by a firewall. The ARM600 server should be located in this DMZ.
- Change the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-
guessable passwords with special characters. Do not reuse passwords within the system.
- Use administrator (i.e., root user) privileges only when required by the task.
- Supporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site
PCs for upgrading and engineering purposes. At a minimum, PCs should be investigated by running a full virus scan with
recently updated signature files before introducing the PC to the OT system. Any data, such as device configurations and
firmware update files, should be virus scanned prior to transferring to the Arctic system.
- Introduce a backup policy to ensure periodic backups and backup revision numbering. Consider the following:a. Check
that the entire system has backups available from all applicable parts.b. Store the backups in a safe place (e.g. in an
encrypted storage), restricted by role-based access control mechanisms.c. Ensure the security of the configuration PCs
that may have local copies of device configurations.d. Validate the backups to ensure they are working.
- Follow cyber security best practices for installation, operation, and decommissioning as described in the product's
cyber security deployment guideline and user manual.
- Use continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system.
- Consider hardening the system according to the following:a. Remove any unnecessary communication links in the
system.b. If possible, close unused physical ports.c. Open only the necessary TCP/UDP ports in the configuration.d.
Remove all unnecessary user accounts.e. Restrict traffic by firewall.f. Allow the traffic only from/to necessary hosts'
IP addresses (i.e., define both source and destination in the firewall rules, where possible).g. Define client IP
address as allowed address in SCADA communication protocols, if such configuration is supported.h. Remove or deactivate
all unused processes, communication ports, and services where possible.i. Use physical access controls to the system
installations (e.g., to server rooms and device cabinets).
- In ARM600SW installations, avoid servers with AMD processors vulnerable to the following: CVE-2021-26401,
CVE-2023-20569 and CVE-2023-20593.
- Avoid using AX88179_178A chipset-based USB-to-ethernet devices.

ABB strongly recommends the following (non-exhaustive) list of cyber security practices for any installation of
software-related ABB products:

- Isolate special purpose networks (e.g., for automation systems) and remote devices behind firewalls and separate them
from any general purpose network (e.g., office or home networks).
- Install physical controls to ensure no unauthorized personnel can access the devices, components, peripheral
equipment, and networks.
- Never connect programming software or computers containing programming software to any network other than the network
intended for the devices.
- Scan all data imported into the environment before use to detect potential malware infections.
- Minimize network exposure for all applications and endpoints to ensure they are not accessible from the Internet
unless they are designed for such exposure and the intended use requires it.
- Ensure all nodes are always up to date with installed software, operating system, and firmware patches, as well as
anti-virus and firewall updates.
- When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may
have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as
secure as the connected devices.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40217");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:arm600_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:sw_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:abb:arm600_firmware:-" :
        {"versionEndIncluding": "5.0.3", "versionStartIncluding": "4.1.2", "family" : "AbbM2M"},
    "cpe:/o:abb:sw_firmware:-" :
        {"versionEndIncluding": "5.0.3", "versionStartIncluding": "5.0.1", "family" : "AbbM2M"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Feb 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.15.3
EPSS0.0079
SSVC
36