Buffer overflow in global memory region
CVE-2023-0425

8.6 HIGH

Key Information:

Vendor: ABB

CVE Published: 7 August 2023

What is CVE-2023-0425?

ABB Freelance Controllers (AC 700F and AC 900F) are susceptible to a numeric range comparison vulnerability. This vulnerability may allow an attacker to exploit the flaws in controller modules, potentially leading to disruption of service or loss of accessibility. Users are encouraged to update to the latest firmware versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Freelance controllers AC 700F 9.0;0

Freelance controllers AC 700F 0



CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ABB thanks Nataliya Tlyapova and Denis Goryushev (Positive Technologies) for responsibly reporting the vulnerabilities and working with us as we addressed them.