OpenCVE

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Abb	Zenon

Configuration 1 [-]

cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590

History

Fri, 18 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-07-24T17:20:49.522Z

Updated: 2024-10-18T13:02:53.261Z

Reserved: 2023-06-19T15:47:23.648Z

Link: CVE-2023-3324

Vulnrichment

Updated: 2024-08-02T06:55:02.774Z

NVD

Status : Modified

Published: 2023-07-24T18:15:23.717

Modified: 2024-11-21T08:17:01.000

Link: CVE-2023-3324

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3324", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-06-19T15:47:23.648Z", "datePublished": "2023-07-24T17:20:49.522Z", "dateUpdated": "2024-10-18T13:02:53.261Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ABB Ability\u2122 zenon", "vendor": "ABB", "versions": [{"lessThanOrEqual": "11 build 106404", "status": "affected", "version": "11 build", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."}], "datePublic": "2023-07-23T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.<br><p>This issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.</p>\n\n"}], "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-01-24T11:49:17.721Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}], "source": {"discovery": "UNKNOWN"}, "title": " Insecure deserialization in zenon internal DLLs", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.  The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n<br>"}], "value": "\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.\u00a0 The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:02.774Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T13:00:02.672918Z", "id": "CVE-2023-3324", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T13:02:53.261Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:02.774Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T13:00:02.672918Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T13:02:48.347Z"}}], "cna": {"title": " Insecure deserialization in zenon internal DLLs", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "ABB Ability\u2122 zenon", "versions": [{"status": "affected", "version": "11 build", "versionType": "custom", "lessThanOrEqual": "11 build 106404"}], "defaultStatus": "unaffected"}], "datePublic": "2023-07-23T18:30:00.000Z", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}], "workarounds": [{"lang": "en", "value": "\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.\u00a0 The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nThe BinaryFormatter class used in implementation of zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, it may be possible\nfor attackers may potentially load and run random code.  The mitigation steps are as follows:\n\u25aa In the Engineering Studio application remove the .cdwpf files from the graphics\nfolder of each project that contains .cdwpf files created by the 3D Configurator\ntool.\n\u25aa On the system with the Engineering Studio, for each affected project, remove\nthe RT folder containing the Service Engine files\n\u25aa Compile new files in the Engineering Studio for each affected project\n\u25aa On the system with the Service Engine, remove the RT folder of each affected\nproject\n\u25aa Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files\n\u2022 Note: the vulnerability only exists if the 3D configurator tool is used to generate .cdwpf files\nthat are used in screens in projects for display of 3D models\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.<br><p>This issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.</p>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-01-24T11:49:17.721Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3324", "state": "PUBLISHED", "dateUpdated": "2024-10-18T13:02:53.261Z", "dateReserved": "2023-06-19T15:47:23.648Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2023-07-24T17:20:49.522Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:zenon:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBA76C8-16C7-49BF-8D76-CD618F8FC32E", "versionEndIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"}], "id": "CVE-2023-3324", "lastModified": "2024-11-21T08:17:01.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-24T18:15:23.717", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Mitigation", "Technical Description", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Technical Description", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}