CVE-2023-0636

EPSS 0.12%
Veröffentlicht 05.06.2023 04:15:10
Zuletzt bearbeitet 21.11.2024 07:37:31
Quelle cybersecurity@ch.abb.com
Teams Watchlist Login
Unerledigt Login

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Abb ≫ Aspect-ent-2 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-2 Version-

Abb ≫ Aspect-ent-12 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-12 Version-

Abb ≫ Aspect-ent-256 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-256 Version-

Abb ≫ Aspect-ent-96 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Aspect-ent-96 Version-

Abb ≫ Nexus-2128 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128 Version-

Abb ≫ Nexus-2128-a Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-a Version-

Abb ≫ Nexus-2128-g Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-g Version-

Abb ≫ Nexus-2128-f Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-2128-f Version-

Abb ≫ Nexus-3-2128 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-3-2128 Version-

Abb ≫ Nexus-3-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-3-264 Version-

Abb ≫ Nexus-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264 Version-

Abb ≫ Nexus-264-a Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-a Version-

Abb ≫ Nexus-264-g Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-g Version-

Abb ≫ Nexus-264-f Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Nexus-264-f Version-

Abb ≫ Matrix-216 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-216 Version-

Abb ≫ Matrix-232 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-232 Version-

Abb ≫ Matrix-296 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-296 Version-

Abb ≫ Matrix-264 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-264 Version-

Abb ≫ Matrix-11 Firmware Version >= 3.0.0 < 3.07.01

Abb ≫ Matrix-11 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cybersecurity@ch.abb.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0636

EUVD