PatchSiren cyber security CVE debrief
CVE-2023-32233 ABB CVE debrief
ABB’s 2025-04-07 CSAF advisory maps CVE-2023-32233 to ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments in the affected version ranges. The underlying Linux kernel nf_tables use-after-free is a local privilege-escalation issue that can enable arbitrary kernel memory read/write and root access on affected systems.
- Vendor: ABB
- Product: ABB M2M Gateway ARM600
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
ABB ARM600 operators, OT/ICS defenders, site administrators, and security teams responsible for Linux-based gateway hosts or any environment where local user access exists on affected ABB M2M Gateway systems.
Technical summary
The source corpus describes CVE-2023-32233 as a Linux kernel use-after-free in Netfilter nf_tables during batch request processing, with potential arbitrary read and write of kernel memory and escalation from unprivileged local user to root. In the supplied CISA CSAF advisory ICSA-25-105-08, ABB identifies affected products as ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack path with high impact.
Defensive priority
High
Recommended defensive actions
- Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW assets and confirm whether they fall within the affected version ranges listed in the advisory.
- Reduce exposure by avoiding internet-facing deployments; where remote connectivity is needed, restrict access to the minimum required VPN port and prefer a private APN or segmented DMZ architecture.
- Apply firewall allowlisting and network segmentation so only required hosts, ports, and protocols can reach the gateway services.
- Change any default credentials, remove unnecessary user accounts, and enforce least privilege for administrative access.
- Follow ABB’s product security deployment guidance and user manuals for installation, operation, backup, and decommissioning practices.
- Keep supporting engineering/configuration PCs patched and malware-scanned before they are connected to OT environments, and scan transferred configuration or firmware files.
- Enable continuous monitoring and review logs for abnormal local activity, crashes, or privilege-escalation indicators on affected hosts.
- Verify whether ABB has issued newer remediation guidance for your exact product and firmware/software version, and plan maintenance changes accordingly.
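The inventory step above can be scripted. The following is an added example, not code from ABB, CISA or this page's source: it checks a CSV asset list against the two inclusive version ranges quoted on this page. The CSV layout, host names and status labels are assumptions made for illustration.

```python
import csv
import io

# Inclusive affected ranges as stated in the advisory summarized on this page.
AFFECTED = {
    "ABB M2M Gateway ARM600": ((4, 1, 2), (5, 0, 3)),
    "ABB M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),
}

# Constructed sample inventory (hypothetical hosts, not real assets).
SAMPLE_INVENTORY = """host,product,version
gw-site-a,ABB M2M Gateway ARM600,4.1.1
gw-site-b,ABB M2M Gateway ARM600,4.1.2
gw-site-c,ABB M2M Gateway ARM600,5.0.3
gw-site-d,ABB M2M Gateway ARM600,5.0.4
gw-site-e,ABB M2M Gateway SW,5.0.0
gw-site-f,ABB M2M Gateway SW,5.0.2
gw-site-g,ABB M2M Gateway ARM600,5.0
gw-site-h,ABB M2M Gateway ARM600,5.0.3-custom
gw-site-i,Other Gateway,1.0.0
"""

def parse_version(text):
    """Return a 3-tuple for 'X', 'X.Y' or 'X.Y.Z'; None for anything else."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # '5.0' compares as 5.0.0

def classify(product, version):
    """Classify one asset against the advisory's ranges."""
    bounds = AFFECTED.get(product.strip())
    if bounds is None:
        return "unknown-product"
    parsed = parse_version(version)
    if parsed is None:
        return "manual-review"  # never guess on suffixes or build tags
    low, high = bounds
    return "affected" if low <= parsed <= high else "outside-range"

def review_inventory(csv_text):
    """Return {host: status} for every row of a host,product,version CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in review_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

A status of `outside-range` only means the version is not in the ranges listed here; confirm against ABB's current guidance before treating the asset as unaffected.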
Evidence notes
Primary evidence comes from the supplied CISA CSAF advisory ICSA-25-105-08, published 2025-04-07, and its ABB references. The advisory identifies CVE-2023-32233 as affecting ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3, while the source item description provides the Linux kernel nf_tables use-after-free impact statement. The advisory’s remediation section emphasizes network isolation, allowlisting, credential hygiene, monitoring, and hardening. No KEV listing is present in the supplied enrichment.
Official resources
- CVE-2023-32233 CVE record (CVE.org)
- CVE-2023-32233 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in a CISA/ABB advisory on 2025-04-07. The supplied corpus does not include exploit timing or a KEV designation.