CVE-2023-0228

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 70.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Symphony Plus S\+ Operations ABB Symphony Plus S+ Operations

Timeline

PublishedMar 2

Description

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDabb/symphony_plus_s\+_operations2.0 — 2.1+4

▶CVEListV5abb/symphony_plus_s+_operations2.x — 2.1 SP2+3

🔴Vulnerability Details

CVEList

Improper authentication vulnerability in S+ Operations↗2023-03-02

▶

GHSA

GHSA-77h3-ghcp-37gm: Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack↗2023-03-02

▶