CVE-2023-0635

EPSS 0.12%
Veröffentlicht 05.06.2023 04:15:09
Zuletzt bearbeitet 21.11.2024 07:37:31
Quelle cybersecurity@ch.abb.com
Teams Watchlist Login
Unerledigt Login

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Abb ≫ Aspect-ent-2 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-2 Version-

Abb ≫ Aspect-ent-12 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-12 Version-

Abb ≫ Aspect-ent-256 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-256 Version-

Abb ≫ Aspect-ent-96 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-96 Version-

Abb ≫ Nexus-2128 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128 Version-

Abb ≫ Nexus-2128-a Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-a Version-

Abb ≫ Nexus-2128-g Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-g Version-

Abb ≫ Nexus-2128-f Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-f Version-

Abb ≫ Nexus-3-2128 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-3-2128 Version-

Abb ≫ Nexus-3-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-3-264 Version-

Abb ≫ Nexus-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264 Version-

Abb ≫ Nexus-264-a Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-a Version-

Abb ≫ Nexus-264-g Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-g Version-

Abb ≫ Nexus-264-f Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-f Version-

Abb ≫ Matrix-216 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-216 Version-

Abb ≫ Matrix-232 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-232 Version-

Abb ≫ Matrix-296 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-296 Version-

Abb ≫ Matrix-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-264 Version-

Abb ≫ Matrix-11 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-11 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.274

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cybersecurity@ch.abb.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1391 Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0635

EUVD