CVE-2023-0636 HIGH

CVE-2023-0636: Remote Code Execution via Command Injection

Vendor Abb Ltd.

Product ASPECT®-Enterprise

Weakness CWE-77

Published June 5, 2023

Last update January 8, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.

Key dates

02Disclosure timeline

June 5, 2023 CVE published

January 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0636 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/77.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0636

CWE CWE-77

CVSS 7.2 / HIGH

Affected versions

Vendor Abb Ltd.

Product ASPECT®-Enterprise

Affected ≥ 3.0;0 and < 3.07.0

Vendor Abb Ltd.

Product NEXUS Series

Affected ≥ 3.0;0 and < 3.07.0

Vendor Abb Ltd.

Product MATRIX Series

Affected ≥ 3.0;0 and < 3.07.1

CVE-2023-0636: Remote Code Execution via Command Injection

01Description

02Disclosure timeline

03References

04Related CVE