PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-24329 ABB CVE debrief

CVE-2023-24329 is a medium-severity issue disclosed in ABB’s CISA advisory for ABB M2M Gateway ARM600 and related ABB M2M Gateway SW versions. The vulnerability is in Python’s urllib.parse handling of URLs that begin with blank characters, which can let an authenticated attacker bypass blocklisting checks and add or modify data.

Vendor: ABB
Product: ABB M2M Gateway ARM600
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

ABB ARM600 administrators, OT/ICS operators, network security teams, and anyone managing ABB M2M Gateway systems or supporting engineering workstations in industrial environments.

Technical summary

According to the supplied CISA CSAF advisory, the flaw affects the urllib.parse component of Python: if a URL begins with blank characters, blocklisting methods may be bypassed. The advisory lists affected ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, reflecting authenticated network-reachable abuse with integrity impact.
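
The parsing behaviour summarized above, as an added illustration that is not code from ABB, CISA or the advisory: a blocklist check that trusts urllib.parse on raw input, beside a fail-closed check that rejects blank and control characters before parsing. The blocked scheme and host lists, the sample URLs and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample policy for illustration only.
BLOCKED_SCHEMES = {"file", "gopher"}
BLOCKED_HOSTS = {"blocked.example"}


def naive_is_blocked(url: str) -> bool:
    """Blocklist check that trusts urlsplit() on unvalidated input.

    On interpreters without the CVE-2023-24329 fix, a blank-leading URL
    parses with an empty scheme and host, so this returns False for it.
    """
    parts = urlsplit(url)
    return parts.scheme in BLOCKED_SCHEMES or parts.hostname in BLOCKED_HOSTS


def strict_is_blocked(url: str) -> bool:
    """Fail-closed variant: anything that is not a clean absolute URL is blocked."""
    # Reject space, C0 controls and DEL anywhere, before any parsing happens.
    if not url or any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        return True
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return True
    # An empty scheme or host means the parser did not see an absolute URL.
    if not parts.scheme or not parts.hostname:
        return True
    return parts.scheme in BLOCKED_SCHEMES or parts.hostname in BLOCKED_HOSTS


def parser_strips_leading_blanks() -> bool:
    """True if this interpreter's urlsplit() already strips leading blanks."""
    return urlsplit(" http://blocked.example/").hostname == "blocked.example"


if __name__ == "__main__":
    print("urlsplit strips leading blanks:", parser_strips_leading_blanks())
    for sample in ("https://ok.example/a", "http://blocked.example/",
                   " http://blocked.example/", "\thttp://blocked.example/"):
        print(repr(sample), naive_is_blocked(sample), strict_is_blocked(sample))
```

The strict check gives the same verdict on patched and unpatched interpreters, which is the property to look for when reviewing URL allow/deny logic that sits in front of urllib.parse.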

Defensive priority

Medium. Prioritize remediation if the affected gateway is reachable from less-trusted networks, supports authenticated remote administration, or sits on paths that handle URL-based allow/deny logic.

Recommended defensive actions

  • Verify whether ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 or ABB M2M Gateway SW 5.0.1 through 5.0.3 is deployed.
  • Limit exposure: avoid direct internet access; if remote connectivity is required, use private APN, VPN, or DMZ-based termination as described in the advisory.
  • Apply strict firewall allowlisting so only required hosts, ports, and protocols can reach the system.
  • Change any default credentials, use strong non-reused passwords, and restrict administrator/root use to only when required.
  • Keep engineering/configuration PCs updated, and virus-scan files and firmware before transferring them into the OT environment.
  • Maintain tested backups of device configurations and related assets, stored securely and validated regularly.
  • Use continuous monitoring and remove or disable unnecessary accounts, services, ports, and communication paths.
  • Follow ABB’s cyber security deployment guidance and CISA’s industrial control system best practices referenced in the advisory.

Evidence notes

This debrief is based only on the supplied CISA CSAF advisory ICSA-25-105-08 and the ABB references it includes. The advisory explicitly states the issue is a urllib.parse URL blocklisting bypass involving blank-leading URLs, identifies ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3 as affected, and provides the published CVSS 6.5 medium vector. The public advisory date used here is 2025-04-07.

Official resources

CISA published the associated ABB M2M Gateway advisory ICSA-25-105-08 on 2025-04-07, with an initial revision of 1.0.0. This debrief uses that public advisory date as the disclosure context and does not infer the original flaw discovery or