CVE-2023-0425

moderate-risk
Published 2023-08-07

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible.  Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (10)

Ac700F Firmware
Ac700F Firmware
Ac700F Firmware
Freelance 2013
Freelance 2013
Freelance 2016
Freelance 2016
Freelance 2019
Freelance 2019
Freelance 2019

Affected Vendors

Abb

References (2)

Patch https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=...
Patch https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=...
46
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate