Code Execution through Writable Mosquitto Configuration File
CVE-2023-3321

7HIGH

Key Information:

Vendor: Abb
Status: Abb Ability™ Zenon
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-3321?

A security vulnerability in the ABB Ability™ zenon system allows low-privileged users to read and modify sensitive data in various directories. Exploitation of this flaw can be achieved through specially crafted programs running on affected zenon installations, potentially leading to unauthorized data access and manipulation.

Affected Version(s)

ABB Ability™ zenon 11 build <= 11 build 106404

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Jun 19, 2023

Credit

ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers.

Abb

What is CVE-2023-3321?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit