CVE-2023-0636
Remote Code Execution via Command Injection
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.
*Credits:
ABB would like to thank Prism Infosec for identifying this vulnerability in its products and for dealing with it in a professional manner.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-02 CVE Reserved
- 2023-06-05 CVE Published
- 2024-07-07 EPSS Updated
- 2024-09-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
- CAPEC-248: Command Injection
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Abb Search vendor "Abb" | Aspect-ent-2 Firmware Search vendor "Abb" for product "Aspect-ent-2 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Aspect-ent-2 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Aspect-ent-2 Search vendor "Abb" for product "Aspect-ent-2" | - | - |
Safe
|
| Abb Search vendor "Abb" | Aspect-ent-12 Firmware Search vendor "Abb" for product "Aspect-ent-12 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Aspect-ent-12 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Aspect-ent-12 Search vendor "Abb" for product "Aspect-ent-12" | - | - |
Safe
|
| Abb Search vendor "Abb" | Aspect-ent-256 Firmware Search vendor "Abb" for product "Aspect-ent-256 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Aspect-ent-256 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Aspect-ent-256 Search vendor "Abb" for product "Aspect-ent-256" | - | - |
Safe
|
| Abb Search vendor "Abb" | Aspect-ent-96 Firmware Search vendor "Abb" for product "Aspect-ent-96 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Aspect-ent-96 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Aspect-ent-96 Search vendor "Abb" for product "Aspect-ent-96" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-2128 Firmware Search vendor "Abb" for product "Nexus-2128 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-2128 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-2128 Search vendor "Abb" for product "Nexus-2128" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-2128-a Firmware Search vendor "Abb" for product "Nexus-2128-a Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-2128-a Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-2128-a Search vendor "Abb" for product "Nexus-2128-a" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-2128-g Firmware Search vendor "Abb" for product "Nexus-2128-g Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-2128-g Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-2128-g Search vendor "Abb" for product "Nexus-2128-g" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-2128-f Firmware Search vendor "Abb" for product "Nexus-2128-f Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-2128-f Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-2128-f Search vendor "Abb" for product "Nexus-2128-f" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-3-2128 Firmware Search vendor "Abb" for product "Nexus-3-2128 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-3-2128 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-3-2128 Search vendor "Abb" for product "Nexus-3-2128" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-3-264 Firmware Search vendor "Abb" for product "Nexus-3-264 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-3-264 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-3-264 Search vendor "Abb" for product "Nexus-3-264" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-264 Firmware Search vendor "Abb" for product "Nexus-264 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-264 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-264 Search vendor "Abb" for product "Nexus-264" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-264-a Firmware Search vendor "Abb" for product "Nexus-264-a Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-264-a Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-264-a Search vendor "Abb" for product "Nexus-264-a" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-264-g Firmware Search vendor "Abb" for product "Nexus-264-g Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-264-g Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-264-g Search vendor "Abb" for product "Nexus-264-g" | - | - |
Safe
|
| Abb Search vendor "Abb" | Nexus-264-f Firmware Search vendor "Abb" for product "Nexus-264-f Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Nexus-264-f Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Nexus-264-f Search vendor "Abb" for product "Nexus-264-f" | - | - |
Safe
|
| Abb Search vendor "Abb" | Matrix-216 Firmware Search vendor "Abb" for product "Matrix-216 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Matrix-216 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Matrix-216 Search vendor "Abb" for product "Matrix-216" | - | - |
Safe
|
| Abb Search vendor "Abb" | Matrix-232 Firmware Search vendor "Abb" for product "Matrix-232 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Matrix-232 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Matrix-232 Search vendor "Abb" for product "Matrix-232" | - | - |
Safe
|
| Abb Search vendor "Abb" | Matrix-296 Firmware Search vendor "Abb" for product "Matrix-296 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Matrix-296 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Matrix-296 Search vendor "Abb" for product "Matrix-296" | - | - |
Safe
|
| Abb Search vendor "Abb" | Matrix-264 Firmware Search vendor "Abb" for product "Matrix-264 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Matrix-264 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Matrix-264 Search vendor "Abb" for product "Matrix-264" | - | - |
Safe
|
| Abb Search vendor "Abb" | Matrix-11 Firmware Search vendor "Abb" for product "Matrix-11 Firmware" | >= 3.0.0 < 3.07.01 Search vendor "Abb" for product "Matrix-11 Firmware" and version " >= 3.0.0 < 3.07.01" | - |
Affected
| in | Abb Search vendor "Abb" | Matrix-11 Search vendor "Abb" for product "Matrix-11" | - | - |
Safe
|