Lucene search

ABBCVE-2023-3324

HistoryJul 24, 2023 - 6:15 p.m.

CVE-2023-3324

2023-07-2418:15:23

CWE-502

ABB

web.nvd.nist.gov

cve-2023-3324

vulnerability

abb ability

zenon

data access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

38.5%

JSON

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Affected configurations

Nvd

Node

abbzenonRange≤11.0.0

VendorProductVersionCPE
abbzenon*cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	zenon	*	cpe:2.3:a:abb:zenon::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ABB Ability™ zenon",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "11 build 106404",
        "status": "affected",
        "version": "11 build",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

38.5%

JSON

Related for CVE-2023-3324