CVE-2023-0636 — Command Injection in LTD Aspect Enterprise

CWE-77 — Command Injection CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

CNA7.2

EPSS

0.3%

top 49.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB LTD Aspect Enterprise ABB LTD Matrix Series ABB LTD Nexus Series +19 more

Timeline

PublishedJun 5

Latest updateJul 6

Description

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages22 packages

▶CVEListV5abb_ltd/nexus_series3.0;0 — 3.07.0

▶CVEListV5abb_ltd/matrix_series3.0;0 — 3.07.1

▶NVDabb/matrix-11_firmware3.0.0 — 3.07.01

▶NVDabb/nexus-264_firmware3.0.0 — 3.07.01

▶NVDabb/matrix-216_firmware3.0.0 — 3.07.01

🔴Vulnerability Details

GHSA

GHSA-rgjp-37vj-5h44: Improper Input Validation vulnerability in ABB Ltd↗2023-07-06

▶

CVEList

Remote Code Execution via Command Injection↗2023-06-05

▶