CVE-2023-3323

Name of the Vulnerable Software and Affected Versions ABB Ability zenon versions 11 build through 11 build 106404

Description A vulnerability exists in the ABB Ability zenon system, allowing low-privileged users to read and update data in various directories. This issue is related to errors in using standard permissions. An attacker could exploit the vulnerability by using specially crafted programs to run on hosts with zenon installed, potentially allowing them to read and update arbitrary data in the system's directories.

Recommendations For versions 11 build through 11 build 106404, consider restricting access to sensitive directories and implementing additional security measures to prevent low-privileged users from exploiting the vulnerability. As a temporary workaround, consider disabling any functionality that allows low-privileged users to read and update data in various directories until a patch is available.