CVE-2023-3324 MEDIUM

CVE-2023-3324: Insecure deserialization in zenon internal DLLs

Vendor ABB
Product ABB Ability™ zenon
Weakness CWE-502 · Unsafe deserialization
Published July 24, 2023
Last update October 18, 2024

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01 Description

A vulnerability allows low-privileged users to read and update the data in various directories used by the zenon system. An attacker could exploit the vulnerability by getting specially crafted programs to run on hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Key dates

02 Disclosure timeline

July 24, 2023 CVE published
October 18, 2024 Record updated