CVE-2023-3322 HIGH

CVE-2023-3322: Code Execution through overwriting service executable in utilities directory

Vendor Abb
Product ABB Ability™ zenon
Weakness CWE-732
Published July 24, 2023
Last update October 24, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Key dates

02Disclosure timeline

July 24, 2023 CVE published
October 24, 2024 Record updated