CVE-2023-3323 Vulnerability Details

  /     /     /  

CVE-2023-3323 Metadata Quick Info

CVE Published: 24/07/2023 | CVE Updated: 18/10/2024 | CVE Year: 2023
Source: ABB | Vendor: ABB | Product: ABB Ability™ zenon
Status : PUBLISHED

---

CVE-2023-3323 Description

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

Metrics

CVSS Version: 3.1 | Base Score: 5.9 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-276
CWE Name: CWE-276 Incorrect Default Permissions
Source: ABB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).