CVE-2023-45237 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45237 PUBLISHED CVSS 5.300000190734863 MEDIUM

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

EPSS 0.38% · 59.0th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

0.38%

59.0th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB APC4100 <1.09
ABB	ABB PPC1200 <1.14
ABB	ABB PPC2200 <1.35
ABB	ABB APC910 <=1.25
ABB	ABB APC2200 <1.35
ABB	ABB PPC900 <2.16
ABB	ABB C80 <1.14
ABB	ABB APC3100 <1.45
ABB	ABB PPC3100 <1.45
ABB	ABB MPC3100 <1.24

Timeline

Jan 16, 2024 CVE Published
Jan 24, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 18, 2024 EPSS Score
Apr 15, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 2, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 22, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/sa24p003.json advisory
https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-45237 advisory

Open in Interactive Console →