CVE-2023-45232 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45232 PUBLISHED CVSS 7.5 HIGH

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

EPSS 0.48% · 65.0th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

EPSS Score

0.48%

65.0th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB PPC2200 <1.35
ABB	ABB APC4100 <1.09
ABB	ABB MPC3100 <1.24
ABB	ABB APC3100 <1.45
ABB	ABB PPC1200 <1.14
ABB	ABB APC2200 <1.35
ABB	ABB PPC3100 <1.45
ABB	ABB PPC900 <2.16
ABB	ABB C80 <1.14
ABB	ABB APC910 <=1.25

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 15, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 2, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 22, 2024 EPSS Score
Nov 19, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45232 advisory

Open in Interactive Console →