PatchSiren cyber security CVE debrief
CVE-2023-0286 OpenSSL CVE debrief
CVE-2023-0286 affects ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. According to the CISA CSAF advisory, the issue can be triggered when CRL checking is enabled and may let an attacker pass arbitrary pointers to a memcmp call, potentially exposing memory contents or causing a denial of service. The supplied advisory classifies the issue as medium severity (CVSS 6.4) and recommends layered mitigations such as minimizing internet exposure, using VPN/DMZ designs, firewall allowlisting, strong credentials, and monitoring.
- Vendor
- OpenSSL
- Product
- PCU400
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
Operators and defenders responsible for ABB ARM600 / ABB M2M Gateway deployments, especially environments that use certificate validation with CRL checking or expose remote management and gateway services to broader networks.
Technical summary
The vulnerability is a structure/type mismatch in handling X.400 addresses: they were parsed as ASN1_STRING while the public GENERAL_NAME definition incorrectly declared x400Address as ASN1_TYPE. In affected ABB M2M Gateway ARM600 and SW versions, when CRL checking is enabled, this type confusion can cause a memcmp call to operate on attacker-influenced pointers. The supplied description indicates confidentiality impact (memory contents may be read) and availability impact (denial of service), with no integrity impact in the provided CVSS vector (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H).
Defensive priority
Medium, with higher urgency in any deployment that enables CRL checking or relies on affected gateway versions for remote connectivity. Prioritize remediation during the next maintenance window and apply compensating controls immediately if patching cannot be done right away.
Recommended defensive actions
- Inventory ABB M2M Gateway ARM600 and ABB M2M Gateway SW instances and compare them to the affected version ranges in the advisory.
- Reduce or eliminate internet exposure for the ARM600; if remote access is required, limit exposure to the VPN port only.
- Use a DMZ for internet-terminated VPN connections where feasible.
- Apply firewall allowlisting so only required ports, protocols, and hosts are permitted.
- Use non-default, unique, strong administrative credentials and restrict administrator/root use to required tasks.
- Keep supporting engineering/configuration PCs updated, malware-scanned, and dedicated where possible.
- Back up device configurations and validate that backups can be restored.
- Use continuous monitoring and intrusion detection/prevention to detect anomalous behavior around remote access and certificate-handling paths.
Evidence notes
All factual claims are drawn from the supplied CISA CSAF advisory for ICSA-25-105-08 and the ABB references listed in the source corpus. The advisory explicitly names the affected ABB products and version ranges, describes the CRL-checking condition and memcmp pointer issue, and provides mitigation guidance. No KEV entry was supplied.
Official resources
-
CVE-2023-0286 CVE record
CVE.org
-
CVE-2023-0286 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
The supplied CISA CSAF advisory (ICSA-25-105-08) and the dataset timing fields are dated 2025-04-07. In this debrief, that date is treated as advisory publication context from the source corpus, not as the original vulnerability creation or