Code Execution through overwriting service executable in utilities directory
CVE-2023-3322

7HIGH

Key Information:

Vendor: Abb
Status: Abb Ability™ Zenon
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-3322?

A vulnerability in the ABB Ability™ zenon system enables low-privileged users to read and modify data in various directories. This flaw can be exploited by attackers utilizing specially crafted programs to execute commands on systems where zenon is installed. The issue potentially compromises data integrity and may expose sensitive information, affecting specific builds from 11 to 11 build 106404.

Affected Version(s)

ABB Ability™ zenon 11 build <= 11 build 106404

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Jun 19, 2023

Credit

ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers.

Abb

What is CVE-2023-3322?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit