{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3324", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-06-19T15:47:23.648Z", "datePublished": "2023-07-24T17:20:49.522Z", "dateUpdated": "2024-01-24T11:49:17.721Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ABB Ability\u2122 zenon", "vendor": "ABB", "versions": [{"lessThanOrEqual": "11 build 106404", "status": "affected", "version": "11 build", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."}], "datePublic": "2023-07-23T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.<br><p>This issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.</p>\n\n"}], "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-01-24T11:49:17.721Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}], "source": {"discovery": "UNKNOWN"}, "title": " Insecure deserialization in zenon internal DLLs", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.&nbsp; The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n<br>"}], "value": "\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.\u00a0 The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E", "versionEndIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"}], "id": "CVE-2023-3324", "lastModified": "2023-08-01T21:12:32.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2023-07-24T18:15:23.717", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Mitigation", "Technical Description", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}]}

{}