PT-2023-8021 · Abb · Abb Freelance Controllers Ac 900F+1

Published: 2023-08-07 · Updated: 2023-08-14 · CVE-2023-0426

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1

ABB Freelance controllers AC 900F versions through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1

Description

The issue is related to a Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F and AC 900F. An attacker who successfully exploited this vulnerability could cause the product to stop or make the product inaccessible by sending a specially crafted HTTP request.

Recommendations

For ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1: Update to a version that resolves the reported vulnerabilities.

For ABB Freelance controllers AC 900F versions through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1: Update to a version that resolves the reported vulnerabilities.

As a temporary workaround, consider restricting access to the vulnerable controller modules until a patch is available.

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-09143
CVE-2023-0426

Affected Products

Abb Freelance Controllers Ac 700F
Abb Freelance Controllers Ac 900F