- What is the severity of CVE-2023-3324?
- CVE-2023-3324 has been scored as a medium severity vulnerability.
- How to fix CVE-2023-3324?
- As a workaround for remediating CVE-2023-3324: The BinaryFormatter class used in the implementation of the zenon runtime is considered unsafe, as it allows users to create arbitrary classes not limited to the classes the developer intended to deserialize. By deserializing user-controlled content, attackers may be able to load and run arbitrary code. The mitigation steps are as follows:
  - In the Engineering Studio application, remove the .cdwpf files from the graphics folder of each project that contains .cdwpf files created by the 3D Configurator tool.
  - On the system with the Engineering Studio, for each affected project, remove the RT folder containing the Service Engine files.
  - Compile new files in the Engineering Studio for each affected project.
  - On the system with the Service Engine, remove the RT folder of each affected project.
  - Transport to or place onto the system with the Service Engine the newly created Service Engine files that no longer contain the .cdwpf files.
  - Note: the vulnerability only exists if the 3D Configurator tool is used to generate .cdwpf files that are used in screens in projects for display of 3D models.
- Is CVE-2023-3324 being actively exploited in the wild?
- As of now, there is no information confirming that CVE-2023-3324 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2023-3324?
- CVE-2023-3324 affects ABB Ability™ zenon.
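
To support the mitigation steps listed above, the following read-only audit reports which projects still hold .cdwpf files in their graphics folder or in a leftover RT folder. It is an added example, not ABB or zenon code; the function name `audit_projects` and the layout it assumes (each project directory containing a `graphics` folder and an `RT` folder somewhere under one root) are assumptions to adapt to the actual installation.

```python
import sys
from pathlib import Path

EXT = ".cdwpf"  # file type named in the mitigation steps


def _cdwpf_under(folder):
    """All .cdwpf files below a folder, matched case-insensitively."""
    return sorted(str(p) for p in folder.rglob("*")
                  if p.is_file() and p.suffix.lower() == EXT)


def audit_projects(projects_root):
    """Map each project that still needs remediation to its findings.

    Assumed layout: <project>/graphics and <project>/RT.
    Nothing is deleted; the result is only a report.
    """
    root = Path(projects_root)
    report = {}
    for d in root.rglob("*"):
        name = d.name.lower()
        if not d.is_dir() or name not in ("graphics", "rt"):
            continue
        # Folders nested inside an RT folder belong to that RT folder,
        # not to a separate project.
        parents = d.relative_to(root).parts[:-1]
        if any(part.lower() == "rt" for part in parents):
            continue
        entry = report.setdefault(
            str(d.parent), {"graphics": [], "rt": [], "rt_present": False})
        if name == "rt":
            entry["rt_present"] = True
        entry[name].extend(_cdwpf_under(d))
    # A project is listed while .cdwpf files remain in either location.
    return {proj: e for proj, e in report.items() if e["graphics"] or e["rt"]}


if __name__ == "__main__":
    findings = audit_projects(sys.argv[1] if len(sys.argv) > 1 else ".")
    for project, e in sorted(findings.items()):
        print(f"{project}: {len(e['graphics'])} .cdwpf in graphics, "
              f"{len(e['rt'])} in RT (RT folder present: {e['rt_present']})")
    sys.exit(1 if findings else 0)
```

Run it on the Engineering Studio system before the cleanup and on the Service Engine system after the new files are transported; an empty report and exit code 0 mean no .cdwpf files remain under the scanned root.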