CVE-2023-0228

Published Mar 2, 2023

Last updated a year ago

CVSS high 8.8

Overview

Description: Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.
Source: cybersecurity@ch.abb.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-287
cybersecurity@ch.abb.com: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4420528-FF5F-4DF5-8EF8-7FE3AE3E2E2F",
            "versionEndExcluding": "2.1",
            "versionStartIncluding": "2.0"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "039A846A-1C0D-4891-AF1D-594168EB541B",
            "versionEndExcluding": "3.3",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C585018-9810-4239-BF2B-D34DA1053075"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "746D2895-488F-4460-99D8-5BA92FA76115"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F36AC-37BA-4192-8790-6F432A5CE318"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F98897F-AB7D-47C1-A560-94C59C094765"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6435B0C6-91D9-484A-9891-11910776E542"
          },
          {
            "criteria": "cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2CCF182-6902-4771-96A9-6BD3C2A64158"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References