CVE-2023-45232 — Vulnetix

CVE-2023-45232 PUBLISHED CVSS 7.5 HIGH

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

EPSS 0.46% · 64.6th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

EPSS Score

0.46%

64.6th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB PPC2200 <1.35
ABB	ABB APC4100 <1.09
ABB	B&R Industrial Automation GmbH PPC2200 <1.35
ABB	ABB MPC3100 <1.24
ABB	ABB APC3100 <1.45
ABB	B&R Industrial Automation GmbH PPC900 <2.16
ABB	B&R Industrial Automation GmbH APC910 <=1.25
ABB	B&R Industrial Automation GmbH APC2200 <1.35
ABB	B&R Industrial Automation GmbH PPC1200 <1.14
ABB	ABB PPC1200 <1.14
ABB	B&R Industrial Automation GmbH PPC3100 <1.45
ABB	B&R Industrial Automation GmbH C80 <1.14
ABB	ABB APC2200 <1.35
ABB	ABB PPC3100 <1.45
ABB	B&R Industrial Automation GmbH APC4100 <1.09
ABB	ABB PPC900 <2.16
ABB	B&R Industrial Automation GmbH APC3100 <1.45
ABB	ABB C80 <1.14
ABB	ABB APC910 <=1.25
ABB	B&R Industrial Automation GmbH MPC3100 <1.24

Exploit Intelligence

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 21, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 16, 2024 EPSS Score
May 14, 2024 EPSS Score
Jun 11, 2024 EPSS Score
Jul 9, 2024 EPSS Score
Aug 6, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 28, 2024 EPSS Score
Nov 25, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45232 advisory

Open in Interactive Console →