CVE-2023-0636 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2023-0636

Modified

More Info Official Page

Source-cybersecurity@ch.abb.com

Published At-05 Jun, 2023 | 04:15

Updated At-19 Sep, 2024 | 17:15

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

>>aspect-ent-2_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*

>>aspect-ent-2>>-

cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*

>>aspect-ent-12_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*

>>aspect-ent-12>>-

cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*

>>aspect-ent-256_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*

>>aspect-ent-256>>-

cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*

>>aspect-ent-96_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*

>>aspect-ent-96>>-

cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*

>>nexus-2128_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*

>>nexus-2128>>-

cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

>>nexus-2128-a_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*

>>nexus-2128-a>>-

cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*

>>nexus-2128-g_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*

>>nexus-2128-g>>-

cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*

>>nexus-2128-f_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*

>>nexus-2128-f>>-

cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*

>>nexus-3-2128_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*

>>nexus-3-2128>>-

cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*

>>nexus-3-264_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*

>>nexus-3-264>>-

cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*

>>nexus-264_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*

>>nexus-264-a_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*

>>nexus-264-a>>-

cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*

>>nexus-264-g_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*

>>nexus-264-g>>-

cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*

>>nexus-264-f_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*

>>nexus-264-f>>-

cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*

>>matrix-216_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*

>>matrix-216>>-

cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*

>>matrix-232_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*

>>matrix-232>>-

cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*

>>matrix-296_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*

>>matrix-296>>-

cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*

>>matrix-264_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*

>>matrix-264>>-

cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*

>>matrix-11_firmware>>Versions from 3.0.0(inclusive) to 3.07.01(exclusive)

cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Primary	cybersecurity@ch.abb.com

CWE ID: CWE-77

Type: Primary

Source: cybersecurity@ch.abb.com

References

Hyperlink	Source	Resource
https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch	cybersecurity@ch.abb.com	Vendor Advisory

Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@ch.abb.com

Resource:

Vendor Advisory