CVE-2023-0425

Buffer overflow in global memory region

Description

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. This is a Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (controller modules) and ABB Freelance controllers AC 900F (controller modules). Affected versions: Freelance controllers AC 700F from 9.0.0 through V9.2 SP2, Freelance 2013, Freelance 2013 SP1, Freelance 2016, Freelance 2016 SP1, Freelance 2019, Freelance 2019 SP1 and Freelance 2019 SP1 FP1; Freelance controllers AC 900F Freelance 2013, Freelance 2013 SP1, Freelance 2016, Freelance 2016 SP1, Freelance 2019, Freelance 2019 SP1 and Freelance 2019 SP1 FP1.

Remediation

Workaround:

  • ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerabilities, they can help block known attack vectors. CVE-2023-0425 (Buffer Overflow): we recommend disabling the webserver when not needed. The webserver is disabled by default from Freelance 2019 SP1 FP1 on (see Release Notes 2PAA124716-112).

Scoring

CVSS 3.1 base score: 8.6 (Severity: High)
EPSS: 0.23%
Vendor Advisory: abb.com
Affected: ABB Freelance controllers AC 700F
Affected: ABB Freelance controllers AC 900F

Frequently Asked Questions

What is the severity of CVE-2023-0425?
CVE-2023-0425 has been scored as a high severity vulnerability.
How to fix CVE-2023-0425?
As a workaround for remediating CVE-2023-0425, ABB has tested the following measures. Although these workarounds will not correct the underlying vulnerabilities, they can help block known attack vectors. CVE-2023-0425 (Buffer Overflow): disable the webserver when not needed. The webserver is disabled by default from Freelance 2019 SP1 FP1 on (see Release Notes 2PAA124716-112).
Is CVE-2023-0425 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2023-0425 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0425?
CVE-2023-0425 affects ABB Freelance controllers AC 700F, ABB Freelance controllers AC 900F.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.