PT-2023-4984 · Abb · Abb Freelance Controllers Ac 900F+1

Published 2023-08-07 · Updated 2023-08-14 · CVE-2023-0425

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1
ABB Freelance controllers AC 900F versions Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1

Description

The issue is related to a Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers. This vulnerability can be exploited by an attacker to stop the controller or make it inaccessible by sending a specially crafted HTTP request.

Recommendations

For ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1, update to a version that resolves the reported vulnerabilities.
For ABB Freelance controllers AC 900F versions Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1, update to a version that resolves the reported vulnerabilities.
As a temporary workaround, consider restricting access to the vulnerable controllers to minimize the risk of exploitation.

Related Identifiers

BDU:2023-05523
CVE-2023-0425

Affected Products

Abb Freelance Controllers Ac 700F
Abb Freelance Controllers Ac 900F