CVE-2023-45235 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45235 PUBLISHED CVSS 8.300000190734863 HIGH

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

EPSS 0.40% · 60.2th percentile

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

EPSS Score

0.40%

60.2th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB PPC900 <2.16
ABB	ABB C80 <1.14
ABB	ABB APC2200 <1.35
ABB	ABB PPC3100 <1.45
ABB	ABB PPC2200 <1.35
ABB	ABB PPC1200 <1.14
ABB	ABB MPC3100 <1.24
ABB	ABB APC4100 <1.09
ABB	ABB APC3100 <1.45
ABB	ABB APC910 <=1.25

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 18, 2024 EPSS Score
Apr 15, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 2, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 22, 2024 EPSS Score
Nov 19, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45235 advisory

Open in Interactive Console →