PT-2023-4081 · Abb · Abb Ability Zenon
Published: 2023-07-24 · Updated: 2023-08-01 · CVE-2023-3324
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ABB Ability zenon versions 11 build through 11 build 106404
Description
A vulnerability in the ABB Ability zenon system allows low-privileged users to read and update data in various directories. Attackers can exploit it with specially crafted programs that run on hosts where zenon is installed. The vulnerability is related to the recovery of invalid data in memory, which can allow an attacker to read and update arbitrary data in different system directories.
Recommendations
For versions 11 build through 11 build 106404, consider restricting access to sensitive directories and implementing additional security measures to prevent low-privileged users from exploiting the vulnerability. As a temporary workaround, consider disabling any functionality that allows low-privileged users to read and update data in various directories until a patch is available.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Abb Ability Zenon