Details of VAR-202307-2026

ID

VAR-202307-2026

CVE

CVE-2023-3324

TITLE

ABB Abilit zenon Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202307-1952

DESCRIPTION

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Trust: 1.0

sources: NVD: CVE-2023-3324

AFFECTED PRODUCTS

vendor:

abb

model:

zenon

scope:

lte

version:

11.0.0

Trust: 1.0

sources: NVD: CVE-2023-3324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-3324
value:	HIGH
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2023-3324
value:	MEDIUM
Trust: 1.0

nvd@nist.gov:	CVE-2023-3324
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2023-3324
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.5
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-3324 // NVD: CVE-2023-3324

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 1.0

sources: NVD: CVE-2023-3324

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202307-1952

EXTERNAL IDS

db:	NVD	id:	CVE-2023-3324	Trust: 1.6
db:	CNNVD	id:	CNNVD-202307-1952	Trust: 0.6

sources: CNNVD: CNNVD-202307-1952 // NVD: CVE-2023-3324

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=2nga001801&languagecode=en&documentpartid=&action=launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2023-3324/	Trust: 0.6

sources: CNNVD: CNNVD-202307-1952 // NVD: CVE-2023-3324

SOURCES

db:	CNNVD	id:	CNNVD-202307-1952
db:	NVD	id:	CVE-2023-3324

LAST UPDATE DATE

2024-08-14T15:26:28.408000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202307-1952	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2023-3324	date:	2023-08-01T21:12:32.530

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202307-1952	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2023-3324	date:	2023-07-24T18:15:23.717