CVE-2023-40217
PUBLISHED
CVSS 5.3 MEDIUM
If a TLS server-side socket is created, receives data, and is then closed quickly, there is a brief window in which the SSLSocket instance detects the socket as "not connected" and does not initiate a handshake. The buffered data remains readable but is unauthenticated, even where client certificate authentication is expected. The amount of data is limited to the buffer size. An unauthenticated attacker could exploit this vulnerability to reveal sensitive information from the server.
EPSS 0.58% · 69.2th percentile
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C
EPSS Score
0.58%
69.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | stream | |
| AWS | connect | |
| ABB | ABB M2M Gateway ARM600 | firmware versions >=4.1.2\|<=5.0.3 |
| ABB | ABB M2M Gateway SW | software versions >=5.0.1\|<=5.0.3 |
Timeline
- Aug 24, 2023 CVE Published
- Aug 25, 2023 EPSS Score
- Aug 28, 2023 CVE Updated
- Sep 27, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Jan 4, 2024 EPSS Score
- Feb 6, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 22, 2024 EPSS Score
References
- https://psirt.abb.com/csaf/2025/2nga002579.json advisory
- https://library.e.abb.com/public/ffab1a14a42646c6adee38fc3de61dad/Arctic_csdepl_758860_ENf.pdf advisory
- https://library.e.abb.com/public/0498e4c0babd46aa9243aedd6f99c375/ARM600_user_758861_ENk.pdf advisory
- https://new.abb.com/service/electrification/life-cycle-management?pe_data=D42415F457244415145784545584371%7C29609824 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=2NGA002579&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=1MRS758860&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-40217 advisory