PatchSiren

CVE-2023-40217 ABB CVE debrief

CVE-2023-40217 is a network-reachable information-disclosure issue affecting ABB M2M Gateway ARM600 and ABB M2M Gateway SW. In a narrow timing window, buffered data may remain readable before TLS client-certificate authentication is initiated, which can expose limited sensitive information from the server.

Vendor: ABB
Product: ABB M2M Gateway ARM600
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

Operators and administrators of ABB M2M Gateway ARM600 or ABB M2M Gateway SW, especially OT/ICS teams that rely on TLS client-certificate authentication or that expose gateway services to untrusted networks.

Technical summary

According to the CISA CSAF advisory, if a TLS server-side socket is created, receives data, and then closes quickly, the SSLSocket instance may briefly detect the connection as "not connected" and skip the handshake. In that case, buffered data can still be read without authentication when client-certificate authentication is expected. The exposed data is limited to the socket buffer size. The advisory lists affected versions as ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3.
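To turn the version ranges above into an inventory check, the following added example (not code from ABB, CISA, or this page's author) classifies gateways from a "host,product,version" list. The hostnames, sample versions, and status labels are constructed for illustration; only the product names and range bounds come from the advisory text quoted above.

```python
import re

# Affected ranges as listed in the advisory text on this page (inclusive bounds).
AFFECTED = {
    "ABB M2M Gateway ARM600": ((4, 1, 2), (5, 0, 3)),
    "ABB M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),
}

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a plain x.y.z version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version):
    """Return 'affected', 'outside-listed-range', 'unknown-product' or 'unparsed-version'."""
    bounds = AFFECTED.get(product.strip())
    if bounds is None:
        return "unknown-product"
    ver = parse_version(version)
    if ver is None:
        return "unparsed-version"  # do not guess: route to manual review
    low, high = bounds
    # Tuple comparison is numeric per component, so 5.0.10 sorts after 5.0.3
    # (a plain string comparison would get this wrong).
    return "affected" if low <= ver <= high else "outside-listed-range"

def triage(inventory_csv):
    """Classify each 'host,product,version' line; returns a list of (host, status)."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(",", 2))
        results.append((host, classify(product, version)))
    return results

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = """
gw-site-a,ABB M2M Gateway ARM600,4.1.2
gw-site-b,ABB M2M Gateway ARM600,5.0.10
gw-site-c,ABB M2M Gateway SW,5.0.0
gw-site-d,ABB M2M Gateway SW,5.0.3
gw-site-e,ABB M2M Gateway ARM600,5.0.x
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

Entries reported as unparsed-version or unknown-product need a manual look rather than being treated as safe.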

Defensive priority

Medium. The issue is network-exploitable and can disclose data without authentication, but the vulnerable window is narrow, the impact is confidentiality-only in the supplied advisory, and no KEV entry is listed in the supplied enrichment.

Recommended defensive actions

  • Review the ABB/CISA advisory for the affected ARM600 and ABB M2M Gateway SW versions and apply vendor remediation guidance as available in your environment.
  • Minimize exposure to untrusted networks; avoid placing system components directly on the internet where possible.
  • If external connectivity is required, expose only the necessary VPN port(s) and terminate internet connections in a DMZ.
  • Use firewall allowlisting so only required hosts, ports, and protocols are permitted.
  • Where applicable, prefer a private cellular APN or other private WAN approach so remote traffic does not traverse the public internet.
  • Follow ABB’s deployment and lifecycle guidance, keep supporting engineering PCs updated, and maintain validated backups and strong non-default credentials.

Evidence notes

The primary evidence is CISA CSAF ICSA-25-105-08, which names the affected ABB products and versions, provides the vulnerability description, and includes mitigations focused on reducing exposure. The supplied ABB documentation and CISA ICS references support the hardening and deployment guidance, while the NVD and CVE record provide corroborating vulnerability metadata.

Official resources

CISA published the initial CSAF advisory version for this issue on 2025-04-07 at 10:30:00Z (revision 1.0.0). The supplied timeline shows no later revision.