PatchSiren cyber security CVE debrief
CVE-2023-45232 ABB CVE debrief
CVE-2023-45232 is a high-severity vulnerability in EDK2's Network Package. The vulnerability is caused by an infinite loop when parsing unknown options in the Destination Options header of IPv6. This could allow an attacker to gain unauthorized access and potentially lead to a loss of Availability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, indicating a high level of severity. ABB is the affected vendor, with multiple products impacted, including APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100. CISA provides advisories and mitigation strategies for this vulnerability.
- Vendor
- ABB
- Product
- APC4100
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-29
- Original CVE updated
- 2026-05-21
- Advisory published
- 2026-01-29
- Advisory updated
- 2026-05-21
Who should care
Organizations using ABB products APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100 should prioritize patching this vulnerability. Additionally, defenders of industrial control systems and those responsible for securing network infrastructure should be aware of this vulnerability and take steps to mitigate its impact.
Technical summary
The EDK2 Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability, tracked as CVE-2023-45232, can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. The vulnerability has a CVSS score of 7.5, indicating a high level of severity. Multiple ABB products are affected, including APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100. ABB has released patches for some affected products, while others may require mitigation measures.
Defensive priority
Apply patches or updates provided by ABB for affected products as soon as possible. If patches are not available, consider deactivating the vulnerable component or limiting accessibility to the affected systems.
Recommended defensive actions
- Apply patches or updates provided by ABB for affected products.
- Deactivate the vulnerable component if not needed.
- Limit accessibility to legitimate users and block illegitimate PXE traffic.
- Monitor network traffic for suspicious activity.
- Implement defense-in-depth strategies as recommended by CISA.
Evidence notes
The CVE-2023-45232 vulnerability is caused by an infinite loop in EDK2's Network Package when parsing unknown options in the Destination Options header of IPv6. ABB provides patches for some affected products, while CISA offers advisories and mitigation strategies. The vulnerability has a CVSS score of 7.5, indicating a high level of severity. Multiple ABB products are affected, including APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100.
Official resources
-
CVE-2023-45232 CVE record
CVE.org
-
CVE-2023-45232 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
This article is AI-assisted and based on the supplied source corpus.