CVE-2023-45233 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45233 PUBLISHED CVSS 7.5 HIGH

EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

EPSS 0.48% · 65.0th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

EPSS Score

0.48%

65.0th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB PPC3100 <1.45
ABB	ABB MPC3100 <1.24
ABB	ABB PPC2200 <1.35
ABB	ABB APC3100 <1.45
ABB	ABB PPC1200 <1.14
ABB	ABB APC910 <=1.25
ABB	ABB PPC900 <2.16
ABB	ABB APC2200 <1.35
ABB	ABB APC4100 <1.09
ABB	ABB C80 <1.14

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 18, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 2, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Nov 19, 2024 EPSS Score
Dec 17, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45233 advisory

Open in Interactive Console →