Vulnerability Details : CVE-2023-0426
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves
the reported vulnerabilities in the product versions under maintenance.
An attacker who successfully exploited one or more of these vulnerabilities could cause the product to
stop or make the product inaccessible.
Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:
Freelance controllers AC 700F:
from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;
Freelance controllers AC 900F:
through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
Vulnerability category: Overflow
Products affected by CVE-2023-0426
- cpe:2.3:o:abb:ac700f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:ac700f_firmware:9.2.0:-:*:*:*:*:*:*
- cpe:2.3:o:abb:ac700f_firmware:9.2.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2013:-:*:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2013:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2016:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2019:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:abb:freelance_2019:-:sp1_fp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0426
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0426
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
3.9
|
4.7
|
Asea Brown Boveri Ltd. (ABB) | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-0426
-
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Assigned by: cybersecurity@ch.abb.com (Primary)
References for CVE-2023-0426
-
https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590
Sign in to your accountPatch;Vendor Advisory
Jump to