CVE-2023-0425: Buffer overflow in global memory region
First published: Mon Aug 07 2023(Updated: )
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
Credit: cybersecurity@ch.abb.com cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Ac700f Firmware | >=9.0.0<9.2.0 | |
| Abb Ac700f Firmware | =9.2.0 | |
| Abb Ac700f Firmware | =9.2.0-sp1 | |
| Abb Ac700f | ||
| Abb Freelance 2013 | ||
| Abb Freelance 2013 | =sp1 | |
| Abb Freelance 2016 | ||
| Abb Freelance 2016 | =sp1 | |
| Abb Freelance 2019 | ||
| Abb Freelance 2019 | =sp1 | |
| Abb Freelance 2019 | =sp1_fp1 | |
| Abb Ac900f |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0425?
CVE-2023-0425 is a high severity vulnerability affecting ABB products.
How does CVE-2023-0425 affect ABB products?
CVE-2023-0425 can cause the affected ABB products to stop or become unresponsive.
Which ABB products are affected by CVE-2023-0425?
ABB AC700F Firmware versions 9.0.0 to 9.2.0, Abb Freelance 2013, Abb Freelance 2016, and Abb Freelance 2019 are affected by CVE-2023-0425.
What is the severity of CVE-2023-0425?
CVE-2023-0425 has a severity rating of 7.5 (High).
How can I fix CVE-2023-0425?
ABB has released an update that resolves the vulnerabilities associated with CVE-2023-0425. Please refer to the ABB security advisory for more information.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/title
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/abb
- canonical/abb ac700f firmware
- version/abb ac700f firmware/9.0.0
- version/abb ac700f firmware/9.2.0
- version/abb ac700f firmware/9.2.0-sp1
- canonical/abb ac700f
- canonical/abb freelance 2013
- version/abb freelance 2013/sp1
- canonical/abb freelance 2016
- version/abb freelance 2016/sp1
- canonical/abb freelance 2019
- version/abb freelance 2019/sp1
- version/abb freelance 2019/sp1_fp1
- canonical/abb ac900f