CVE-2023-3323Incorrect Default Permissions in Ability Zenon

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
5.4MEDIUMNVD
CNA5.9
EPSS
0.2%
top 60.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ABB Ability ZenonABB Zenon
Timeline
PublishedJul 24

Description

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDabb/zenon11.0.0
CVEListV5abb/abb_ability_zenon11 build 11 build 106404

🔴Vulnerability Details

2
GHSA
GHSA-3jmp-h6jj-v2fx: A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system2023-07-24
CVEList
Code Execution through overwriting project file on zenon engineering studio system2023-07-24