Multiple vulnerabilities in ABB DC Drives and Power Controllers containing CODESYS RTS
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2023-37550 CVE-2022-4046 CVE-2023-37545 CVE-2023-37546 CVE-2023-37547 CVE-2023-37548 CVE-2023-37549 CVE-2023-37552 CVE-2023-37553 CVE-2023-37554 CVE-2023-37555 CVE-2023-37556 CVE-2023-37557 CVE-2023-37558 CVE-2023-37559 |
| CWE-ID | CWE-20 CWE-119 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
DCS880 memory unit incl. DCC Hardware solutions / Firmware DCS880 memory unit incl. DEMag Hardware solutions / Firmware DCS880 memory unit incl. ABB Drive Application Builder license Hardware solutions / Firmware DCT880 memory unit incl. Power Optimizer Hardware solutions / Firmware DCT880 memory unit incl. ABB Drive Application Builder license Hardware solutions / Firmware |
| Vendor | ABB |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU107050
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37550
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU107056
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-4046
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU107055
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37545
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU107054
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37546
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU107053
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37547
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU107052
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37548
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU107051
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37549
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU107046
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37552
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU107045
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37553
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU107044
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37554
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU107043
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37555
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU107042
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37556
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppBP component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU107041
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37557
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the CmpAppBP component. A remote user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU107040
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppForce component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU107039
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37559
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpAppForce component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDCS880 memory unit incl. DCC: All versions
DCS880 memory unit incl. DEMag: All versions
DCS880 memory unit incl. ABB Drive Application Builder license: All versions
DCT880 memory unit incl. Power Optimizer: All versions
DCT880 memory unit incl. ABB Drive Application Builder license: All versions
CPE2.3- cpe:2.3:h:abb:dcs880_memory_unitl_dcc:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_demag:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dcs880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_power_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:h:abb:dct880_memory_unitl_abb_drive_application_builder_license:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK108470A9494&DocumentPartId=PDF&LanguageCode=en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
