Stack overflow in filename or in boundary
CVE-2023-0426

8.6 HIGH

Key Information:

Vendor: ABB
CVE Published: 7 August 2023

What is CVE-2023-0426?

ABB has identified a vulnerability affecting specific versions of its Freelance controllers AC 700F and AC 900F, characterized by a stack-based buffer overflow. This vulnerability allows potential attackers to disrupt the normal functioning of the controllers, possibly causing them to become unresponsive or inaccessible. Users are strongly advised to apply the available updates to mitigate this risk.

Affected Version(s)

Freelance controllers AC 700F 9.0;0

Freelance controllers AC 700F 0

Freelance controllers AC 700F 0

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ABB thanks Nataliya Tlyapova and Denis Goryushev (Positive Technologies) for responsibly reporting the vulnerabilities and working with us as we addressed them.