CVE-2023-0636: Remote Code Execution via Command Injection
First published: Mon Jun 05 2023(Updated: )
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.
Credit: cybersecurity@ch.abb.com cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Aspect-ent-2 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-2 | ||
| Abb Aspect-ent-12 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-12 | ||
| Abb Aspect-ent-256 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-256 | ||
| Abb Aspect-ent-96 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-96 | ||
| Abb Nexus-2128 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128 | ||
| Abb Nexus-2128-a Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-a | ||
| Abb Nexus-2128-g Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-g | ||
| Abb Nexus-2128-f Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-f | ||
| Abb Nexus-3-2128 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-3-2128 | ||
| Abb Nexus-3-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-3-264 | ||
| Abb Nexus-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264 | ||
| Abb Nexus-264-a Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-a | ||
| Abb Nexus-264-g Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-g | ||
| Abb Nexus-264-f Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-f | ||
| Abb Matrix-216 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-216 | ||
| Abb Matrix-232 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-232 | ||
| Abb Matrix-296 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-296 | ||
| Abb Matrix-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-264 | ||
| Abb Matrix-11 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-11 | ||
| All of | ||
| Abb Aspect-ent-2 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-2 | ||
| All of | ||
| Abb Aspect-ent-12 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-12 | ||
| All of | ||
| Abb Aspect-ent-256 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-256 | ||
| All of | ||
| Abb Aspect-ent-96 Firmware | >=3.0.0<3.07.01 | |
| Abb Aspect-ent-96 | ||
| All of | ||
| Abb Nexus-2128 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128 | ||
| All of | ||
| Abb Nexus-2128-a Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-a | ||
| All of | ||
| Abb Nexus-2128-g Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-g | ||
| All of | ||
| Abb Nexus-2128-f Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-2128-f | ||
| All of | ||
| Abb Nexus-3-2128 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-3-2128 | ||
| All of | ||
| Abb Nexus-3-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-3-264 | ||
| All of | ||
| Abb Nexus-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264 | ||
| All of | ||
| Abb Nexus-264-a Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-a | ||
| All of | ||
| Abb Nexus-264-g Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-g | ||
| All of | ||
| Abb Nexus-264-f Firmware | >=3.0.0<3.07.01 | |
| Abb Nexus-264-f | ||
| All of | ||
| Abb Matrix-216 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-216 | ||
| All of | ||
| Abb Matrix-232 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-232 | ||
| All of | ||
| Abb Matrix-296 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-296 | ||
| All of | ||
| Abb Matrix-264 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-264 | ||
| All of | ||
| Abb Matrix-11 Firmware | >=3.0.0<3.07.01 | |
| Abb Matrix-11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this ABB Ltd. ASPECT®-Enterprise vulnerability?
The vulnerability ID is CVE-2023-0636.
What is the severity level of CVE-2023-0636?
The severity level of CVE-2023-0636 is critical with a score of 9.8.
Which software products are affected by CVE-2023-0636?
ABB Ltd. ASPECT®-Enterprise and ABB Ltd. NEXUS Series on ASPECT®-Enterprise, Linux, and NEXUS Series firmware versions 3.0.0 to 3.07.01 are affected.
How can I fix CVE-2023-0636?
Apply the latest firmware update provided by ABB Ltd. to address CVE-2023-0636.
Where can I find more information about CVE-2023-0636?
You can find more information about CVE-2023-0636 at the following link: [https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch](https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch)
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/abb
- canonical/abb aspect-ent-2 firmware
- version/abb aspect-ent-2 firmware/3.0.0
- canonical/abb aspect-ent-2
- canonical/abb aspect-ent-12 firmware
- version/abb aspect-ent-12 firmware/3.0.0
- canonical/abb aspect-ent-12
- canonical/abb aspect-ent-256 firmware
- version/abb aspect-ent-256 firmware/3.0.0
- canonical/abb aspect-ent-256
- canonical/abb aspect-ent-96 firmware
- version/abb aspect-ent-96 firmware/3.0.0
- canonical/abb aspect-ent-96
- canonical/abb nexus-2128 firmware
- version/abb nexus-2128 firmware/3.0.0
- canonical/abb nexus-2128
- canonical/abb nexus-2128-a firmware
- version/abb nexus-2128-a firmware/3.0.0
- canonical/abb nexus-2128-a
- canonical/abb nexus-2128-g firmware
- version/abb nexus-2128-g firmware/3.0.0
- canonical/abb nexus-2128-g
- canonical/abb nexus-2128-f firmware
- version/abb nexus-2128-f firmware/3.0.0
- canonical/abb nexus-2128-f
- canonical/abb nexus-3-2128 firmware
- version/abb nexus-3-2128 firmware/3.0.0
- canonical/abb nexus-3-2128
- canonical/abb nexus-3-264 firmware
- version/abb nexus-3-264 firmware/3.0.0
- canonical/abb nexus-3-264
- canonical/abb nexus-264 firmware
- version/abb nexus-264 firmware/3.0.0
- canonical/abb nexus-264
- canonical/abb nexus-264-a firmware
- version/abb nexus-264-a firmware/3.0.0
- canonical/abb nexus-264-a
- canonical/abb nexus-264-g firmware
- version/abb nexus-264-g firmware/3.0.0
- canonical/abb nexus-264-g
- canonical/abb nexus-264-f firmware
- version/abb nexus-264-f firmware/3.0.0
- canonical/abb nexus-264-f
- canonical/abb matrix-216 firmware
- version/abb matrix-216 firmware/3.0.0
- canonical/abb matrix-216
- canonical/abb matrix-232 firmware
- version/abb matrix-232 firmware/3.0.0
- canonical/abb matrix-232
- canonical/abb matrix-296 firmware
- version/abb matrix-296 firmware/3.0.0
- canonical/abb matrix-296
- canonical/abb matrix-264 firmware
- version/abb matrix-264 firmware/3.0.0
- canonical/abb matrix-264
- canonical/abb matrix-11 firmware
- version/abb matrix-11 firmware/3.0.0
- canonical/abb matrix-11