PatchSiren cyber security CVE debrief

CVE-2023-20569 AMD CVE debrief

CVE-2023-20569 is a speculative-execution information disclosure issue affecting certain AMD processors. In ABB’s advisory for ARM600, the vendor notes that ARM600 servers use Intel processors, but ARM600 software installations may exist in AMD processor environments. The affected ABB products listed are ARM600 firmware versions 4.1.2 through 5.0.3 and ARM600 SW versions 5.0.1 through 5.0.3. The primary defensive takeaway is to review whether any ARM600 SW deployments run on vulnerable AMD systems and apply the vendor’s mitigation guidance for those environments.

Vendor: AMD
Product: ABB M2M Gateway
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-07
Original CVE updated: 2025-04-07
Advisory published: 2025-04-07
Advisory updated: 2025-04-07

Who should care

OT/ICS defenders, ABB ARM600 administrators, system integrators, and platform owners responsible for ARM600 SW deployments on AMD-based servers or virtualized infrastructure. Even though the advisory says ARM600 servers use Intel processors, mixed environments may still include ARM600 SW installations on AMD hardware, which is the relevant exposure case.

Technical summary

The advisory describes a Return Address Predictor vulnerability on certain AMD processors that can allow speculative execution at an attacker-controlled address, leading to information disclosure. The published CVSS vector is AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, which indicates local access, high attack complexity, low privileges, no user interaction, and confidentiality impact only. ABB’s mitigation note recommends avoiding servers with AMD processors vulnerable to CVE-2021-26401, CVE-2023-20569, and CVE-2023-20593 in ARM600 SW installations.

Defensive priority

Medium for organizations that run ARM600 SW on AMD-based systems; lower for environments limited to ARM600 hardware servers, which the advisory explicitly says use Intel processors. The issue is confidentiality-focused and requires local access with high complexity, but it should still be reviewed because it can affect exposed software deployments in mixed OT environments.

Recommended defensive actions

  • Inventory ARM600 firmware and SW versions and confirm whether any deployments match ABB’s affected ranges: ARM600 firmware 4.1.2 through 5.0.3 and ARM600 SW 5.0.1 through 5.0.3.
  • Determine whether any ARM600 SW instances run on AMD processors; ABB specifically calls out AMD-based environments as the relevant risk case.
  • Follow ABB’s mitigation guidance for ARM600 SW installations and avoid using AMD servers that are vulnerable to CVE-2021-26401, CVE-2023-20569, or CVE-2023-20593.
  • Apply general ICS hardening and defense-in-depth measures from the linked CISA guidance to reduce exposure from local attack paths.
  • Review access controls and administrative restrictions around systems that host ARM600 SW, since the CVSS vector indicates local access and low privileges are part of the attack path.
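The first two actions above can be combined into one triage check per host. The sketch below is an added example, not code from ABB, AMD or CISA. It assumes the ARM600 SW host runs Linux (the page does not state the host OS), that versions are plain dotted numbers, and that the product labels and sample inputs are constructed for illustration.

```python
import re

# ABB's affected version ranges as listed on this page (inclusive bounds).
AFFECTED = {
    "ARM600 firmware": ((4, 1, 2), (5, 0, 3)),
    "ARM600 SW": ((5, 0, 1), (5, 0, 3)),
}
# Linux sysfs file that reports the kernel's view of CVE-2023-20569 (SRSO).
SRSO_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow"

def in_affected_range(product, version):
    """True if a dotted numeric version falls inside ABB's range for product."""
    bounds = AFFECTED.get(product)
    if bounds is None:
        return False
    parsed = tuple(int(part) for part in version.strip().split("."))
    return bounds[0] <= parsed <= bounds[1]

def cpu_vendor(cpuinfo_text):
    """Extract vendor_id from /proc/cpuinfo text, e.g. AuthenticAMD."""
    match = re.search(r"^vendor_id\s*:\s*(\S+)", cpuinfo_text, re.MULTILINE)
    return match.group(1) if match else "unknown"

def triage(product, version, cpuinfo_text, srso_status=None):
    """Classify one host; srso_status is the content of SRSO_SYSFS, if any."""
    if not in_affected_range(product, version):
        return "outside ABB affected range"
    vendor = cpu_vendor(cpuinfo_text)
    if vendor == "GenuineIntel":
        return "affected version, Intel host: not the AMD exposure case"
    if vendor != "AuthenticAMD":
        return "affected version, CPU vendor unknown: check manually"
    if srso_status is None:
        return "affected version, AMD host: review (no kernel SRSO status)"
    status = srso_status.strip()
    if status.lower().startswith("not affected"):
        return "affected version, AMD host: kernel reports CPU not affected"
    return "affected version, AMD host: review (" + status + ")"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    amd = "processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 25\n"
    intel = "processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    print(triage("ARM600 SW", "5.0.2", amd, "Mitigation: Safe RET\n"))
    print(triage("ARM600 SW", "5.0.2", intel))
    print(triage("ARM600 SW", "5.0.4", amd))
```

On a live Linux host, pass the contents of /proc/cpuinfo and of the SRSO_SYSFS file (when the running kernel provides it) as the last two arguments.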

Evidence notes

All substantive claims are taken from the CISA CSAF advisory ICSA-25-105-08 and its referenced ABB material. The source record states the vulnerability is a Return Address Predictor information-disclosure issue affecting certain AMD processors, lists the affected ABB ARM600 and ARM600 SW version ranges, and includes the mitigation note about avoiding vulnerable AMD servers in ARM600 SW installations. The record also notes that ARM600 servers use Intel processors, which narrows the likely exposure to ARM600 software installations running in AMD environments. Published and modified timestamps supplied with the source are 2025-04-07T10:30:00.000Z.

Official resources

CVE-2023-20569 was published and modified in the provided source record on 2025-04-07T10:30:00.000Z, alongside CISA advisory ICSA-25-105-08 (initial version 1.0.0).