PatchSiren cyber security CVE debrief
CVE-2023-2828 ISC CVE debrief
CVE-2023-2828 is a denial-of-service issue in ABB M2M Gateway ARM600 and ABB M2M Gateway SW. According to the supplied CISA/ABB advisory, querying the resolver for specific RRsets in a certain order can cause the configured max-cache-size limit to be significantly exceeded, which may exhaust host memory and disrupt the named service. ABB also states that ARM600 is not dependent on DNS by default, and recommends blocking TCP/UDP port 53 when name service is not needed.
- Vendor: ISC
- Product: ABB M2M Gateway
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
Operators, administrators, and OT security teams responsible for ABB M2M Gateway ARM600 and ABB M2M Gateway SW deployments, especially where the named service or DNS is enabled or reachable.
Technical summary
The advisory describes a resolver-cache memory exhaustion condition: specific RRset query ordering can bypass the intended max-cache-size behavior and cause the host running named to consume all available memory, resulting in denial of service. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Medium. The impact is availability-only, but the issue is network-exploitable and can lead to full memory exhaustion on the affected host, so exposed deployments should be reviewed promptly.
Recommended defensive actions
- Verify whether your environment uses ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 or ABB M2M Gateway SW versions 5.0.1 through 5.0.3.
- If name service is not required, block TCP/UDP port 53 with a firewall, as ABB recommends.
- Review ABB's general security recommendations for the ARM600 system and reduce unnecessary exposure of the named service.
- Monitor affected hosts for abnormal memory growth or service instability and prepare operational recovery procedures.
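One way to act on the memory-monitoring recommendation above, as an added example that is not part of the advisory or ABB's tooling: it compares sampled resident memory of the named process with the configured max-cache-size and flags sustained growth beyond it. It assumes a Linux host exposing /proc/<pid>/status; the function names, the 25% overhead allowance, the three-sample window and the 90 MiB limit are hypothetical choices, and the sample input is constructed.

```python
import re

MIB = 1024 * 1024
# Assumption: Linux /proc/<pid>/status layout, where VmRSS is reported in kB.
_VMRSS = re.compile(r"^VmRSS:\s+(\d+)\s+kB$", re.MULTILINE)

def rss_bytes(status_text):
    """Return the resident set size in bytes from /proc/<pid>/status text."""
    match = _VMRSS.search(status_text)
    if match is None:
        raise ValueError("VmRSS line not found")
    return int(match.group(1)) * 1024

def assess(samples, max_cache_size, overhead=0.25, min_run=3):
    """Classify named RSS samples (bytes, oldest first) against the cache limit.

    overhead is an assumed allowance for non-cache memory in the process and
    min_run the number of consecutive rising samples that make an alert; both
    are hypothetical defaults to tune per host.
    """
    if not samples:
        raise ValueError("no samples")
    ceiling = max_cache_size * (1 + overhead)
    if samples[-1] <= ceiling:
        return "ok"
    tail = samples[-min_run:]
    rising = len(tail) == min_run and all(b > a for a, b in zip(tail, tail[1:]))
    if rising and all(s > ceiling for s in tail):
        return "alert"       # above the limit and still growing
    return "over-limit"      # above the limit, no sustained growth yet

# Constructed sample input, not captured from a real device.
SAMPLE_STATUS = "Name:\tnamed\nVmPeak:\t  412000 kB\nVmRSS:\t  131072 kB\nThreads:\t5\n"

if __name__ == "__main__":
    limit = 90 * MIB  # assumed value of max-cache-size on this host
    history = [80 * MIB, 95 * MIB, 115 * MIB, 120 * MIB, rss_bytes(SAMPLE_STATUS)]
    print(assess(history, limit))
```

An "alert" result is the pattern the advisory describes: memory well past the configured cache limit and still climbing, which is the point to apply the port 53 block or restart procedure.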
Evidence notes
The supplied source corpus states that the vulnerability can cause the configured max-cache-size limit to be significantly exceeded by querying the resolver for specific RRsets in a certain order, leading to denial of service by exhausting memory on the host running named. It also states that ARM600 is not dependent on DNS by default and recommends blocking TCP/UDP port 53 if name service is unused. The advisory provided in the corpus is CISA CSAF ICSA-25-105-08, published 2025-04-07.
Official resources
- CVE-2023-2828 CVE record (CVE.org)
- CVE-2023-2828 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA CSAF advisory ICSA-25-105-08 was published on 2025-04-07 and is the authoritative source used here. The supplied corpus does not list the CVE in CISA KEV and does not indicate known ransomware use.