PatchSiren cyber security CVE debrief
CVE-2023-3341 ISC CVE debrief
CVE-2023-3341 is a high-severity denial-of-service issue affecting ABB M2M Gateway products, including ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3. According to the CISA advisory, a remote attacker with network access to the control channel's configured TCP port can trigger recursive processing in named, exhaust stack memory, and cause the service to terminate unexpectedly. The advisory states that a valid RNDC key is not required. ABB and CISA recommend mitigation by blocking the name service port (TCP/UDP 53) if DNS/name service is not used, along with general security hardening guidance.
- Vendor: ISC
- Product: ABB M2M Gateway
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-07
- Original CVE updated: 2025-04-07
- Advisory published: 2025-04-07
- Advisory updated: 2025-04-07
Who should care
ABB M2M Gateway and ARM600 operators, OT/ICS network defenders, control-system administrators, and incident responders responsible for perimeter exposure and service availability.
Technical summary
The advisory describes a stack exhaustion condition in named caused by recursive processing of control channel messages. The attack path is network-based and does not require authentication with a valid RNDC key, which lowers the barrier to abuse if the configured control-channel TCP port is reachable. The operational impact is service termination, so the primary risk is availability loss rather than confidentiality or integrity compromise. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, matching a remotely reachable denial-of-service condition.
Defensive priority
High for exposed deployments. Although this is not an integrity or code-execution issue, it is a remotely reachable availability impact in an OT-related product line. Priority increases if the control-channel TCP port is reachable from untrusted networks or if DNS/name service exposure is unnecessary and unfiltered.
Recommended defensive actions
- Review whether ABB M2M Gateway ARM600 or ABB M2M Gateway SW is deployed in the affected version ranges listed in the advisory.
- Restrict network access to the control channel's configured TCP port so it is reachable only from trusted management hosts.
- If name service is not used, block TCP/UDP port 53 at the firewall as ABB recommends.
- Apply vendor guidance and general ICS hardening recommendations from the cited ABB and CISA resources.
- Monitor for unexpected termination or restart behavior in named and investigate any exposure of the control-channel service.
- Use the official CISA advisory and ABB product documentation to confirm product-specific remediation steps before making configuration changes.
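The first three actions can be combined into one inventory triage pass. The sketch below is an added example, not code from the advisory, ABB or ISC; the inventory field names, host names and the three-part numeric version format are assumptions, and the sample records are constructed.

```python
# Affected ranges as listed in the advisory (inclusive on both ends).
AFFECTED = {
    "ARM600": ((4, 1, 2), (5, 0, 3)),          # firmware
    "M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),  # software
}

def parse_version(text):
    """Turn '5.0.3' into (5, 0, 3); raise ValueError for any other shape."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def triage(asset):
    """Classify one inventory record (hypothetical field names)."""
    bounds = AFFECTED.get(asset["product"])
    if bounds is None:
        return "out-of-range"          # product not named in the advisory
    try:
        version = parse_version(asset["version"])
    except ValueError:
        return "unknown"               # verify the version by hand
    low, high = bounds
    if not (low <= version <= high):
        return "out-of-range"
    # Priority rises when the control channel is reachable from untrusted
    # networks, or when port 53 is open although name service is unused.
    exposed = asset["control_channel_untrusted"] or (
        asset["port53_open"] and not asset["dns_in_use"])
    return "affected-exposed" if exposed else "affected"

def rec(host, product, version, cc_untrusted, p53_open, dns_used):
    return {"host": host, "product": product, "version": version,
            "control_channel_untrusted": cc_untrusted,
            "port53_open": p53_open, "dns_in_use": dns_used}

# Constructed sample inventory.
INVENTORY = [
    rec("gw-01", "ARM600", "4.2.0", True, False, False),
    rec("gw-02", "ARM600", "5.0.3", False, True, False),
    rec("gw-03", "M2M Gateway SW", "5.0.0", True, True, False),
    rec("gw-04", "M2M Gateway SW", "5.0.2", False, True, True),
    rec("gw-05", "ARM600", "5.0.x-custom", True, True, False),
]

def report(inventory=INVENTORY):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Records marked `unknown` need a manual version check, and `out-of-range` only means the version falls outside the ranges the advisory lists.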
Evidence notes
All factual claims above are drawn from the supplied CISA CSAF advisory for ICSA-25-105-08 and the referenced ABB/CISA source links included in the corpus. The advisory identifies affected ABB M2M Gateway ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3, describes the control-channel recursive processing issue in named, and recommends blocking TCP/UDP port 53 if name service is unused. The supplied timeline shows publication and modification on 2025-04-07T10:30:00Z; no KEV entry was provided in the corpus.
Official resources
- CVE-2023-3341 CVE record (CVE.org)
- CVE-2023-3341 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA advisory ICSA-25-105-08 on 2025-04-07T10:30:00Z. The supplied corpus does not include a KEV listing or evidence of known ransomware use.