CVE-2023-39417 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-39417 PUBLISHED CVSS 7.5 HIGH

If an administrator has installed Extension scripts and specific data is used inside a quoting con-struct, an attacker having proper PostgreSQL privileges can execute arbitrary code in the system as the administrator.

EPSS 0.68% · 71.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

EPSS Score

0.68%

71.4th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.3 RU2
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.4 SP1
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.3 RU1
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.4
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.4 SP2
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.2
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.3 RU3
ABB	ABB Ability™ Symphony® Plus S+ Engineering 2.3

Timeline

Aug 10, 2023 CVE Published
Aug 12, 2023 EPSS Score
Sep 14, 2023 EPSS Score
Nov 19, 2023 EPSS Score
Dec 22, 2023 EPSS Score
Jan 24, 2024 EPSS Score
Mar 30, 2024 EPSS Score
May 1, 2024 EPSS Score
Jun 3, 2024 EPSS Score
Jul 6, 2024 EPSS Score
Sep 10, 2024 EPSS Score
Oct 13, 2024 EPSS Score

References

Open in Interactive Console →