Insecure deserialization in zenon internal DLLs
CVE-2023-3324

6.3MEDIUM

Key Information:

Vendor: Abb
Status: Abb Ability™ Zenon
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-3324?

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Affected Version(s)

ABB Ability™ zenon 11 build <= 11 build 106404

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Jun 19, 2023

Credit

ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers.