CVE-2023-45231 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45231 PUBLISHED CVSS 6.5 MEDIUM

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

EPSS 0.13% · 32.9th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

0.13%

32.9th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB APC3100 <1.45
ABB	ABB MPC3100 <1.24
ABB	ABB PPC2200 <1.35
ABB	ABB APC910 <=1.25
ABB	ABB PPC1200 <1.14
ABB	ABB C80 <1.14
ABB	ABB APC2200 <1.35
ABB	ABB PPC3100 <1.45
ABB	ABB PPC900 <2.16
ABB	ABB APC4100 <1.09

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 18, 2024 EPSS Score
Apr 15, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 2, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 22, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45231 advisory

Open in Interactive Console →