Multiple vulnerabilities in ABB ACS880 Drives containing CODESYS RTS



Risk: Medium
Patch available: YES
Number of vulnerabilities: 15
CVE-ID: CVE-2023-37550, CVE-2022-4046, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559
CWE-ID: CWE-20, CWE-119, CWE-787
Exploitation vector: Network
Public exploit: N/A
Vulnerable software (all in category Hardware solutions / Firmware):

ACS880 Test Bench Control Program ATBLX

ACS880 Position Control Program APCLX

ACS880 IGBT Supply Control Program YLHLX

ACS880 IGBT Supply Control Program YISLX

ACS880 IGBT Supply Control Program ALHLX

ACS880 IGBT Supply Control Program AISLX

ACS880 Primary Control Program YINLX

ACS880 Primary Control Program AINLX

Vendor: ABB

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU107050

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37550

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU107056

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4046

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote user can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU107055

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37545

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU107054

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37546

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU107053

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37547

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU107052

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37548

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU107051

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37549

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU107046

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37552

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU107045

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37553

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU107044

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37554

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU107043

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37555

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU107042

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU107041

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37557

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the CmpAppBP component. A remote user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU107040

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppForce component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU107039

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37559

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppForce component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ACS880 Test Bench Control Program ATBLX: 3.44.0.0

ACS880 Position Control Program APCLX: 1.04.0.5

ACS880 IGBT Supply Control Program YLHLX: before 1.30

ACS880 IGBT Supply Control Program YISLX: before 1.30

ACS880 IGBT Supply Control Program ALHLX: before 3.43

ACS880 IGBT Supply Control Program AISLX: before 3.43

ACS880 Primary Control Program YINLX: before 1.30

ACS880 Primary Control Program AINLX: before 3.47

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9491&DocumentPartId=PDF&LanguageCode=en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


