CVE-2023-0635

05.06.2023, 04:15

Improper Privilege Management vulnerability in ABB Ltd. ASPECT-Enterprise on ASPECT-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ABB	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Vendor	Product	Version
abb	aspect-ent-2_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	aspect-ent-12_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	aspect-ent-256_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	aspect-ent-96_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-2128_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-2128-a_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-2128-g_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-2128-f_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-3-2128_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-3-264_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-264_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-264-a_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-264-g_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	nexus-264-f_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	matrix-216_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	matrix-232_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	matrix-296_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	matrix-264_firmware	3.0.0 ≤ 𝑥 < 3.07.01
abb	matrix-11_firmware	3.0.0 ≤ 𝑥 < 3.07.01

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1391 - Use of Weak Credentials
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

References

https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch