PatchSiren cyber security CVE debrief
CVE-2023-42753 Red Hat CVE debrief
CVE-2023-42753 affects ABB ARM600 and ABB M2M Gateway software. CISA’s CSAF advisory says a missing netfilter macro can miscalculate the h->nets array offset, creating an out-of-bounds memory write primitive. The stated impact is that a local user may crash the system or potentially escalate privileges. The advisory covers ARM600 firmware versions 4.1.2 through 5.0.3 and ABB M2M Gateway SW versions 5.0.1 through 5.0.3.
- Vendor: Red Hat
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-06-13
- Original CVE updated: 2024-04-09
- Advisory published: 2023-06-13
- Advisory updated: 2024-04-09
Who should care
OT/ICS operators using ABB ARM600 or ABB M2M Gateway SW, especially where local access is possible; administrators responsible for hardening, segmentation, and credential hygiene; and incident responders watching for instability, unexpected crashes, or privilege-abuse indicators on affected systems.
Technical summary
The advisory describes a missing netfilter macro that leads to miscalculation of the h->nets array offset. That can provide a primitive to increment or decrement memory out of bounds, which is consistent with a local memory corruption issue. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local attack requirements with severe confidentiality, integrity, and availability impact if successfully exploited.
Defensive priority
High for any environment running affected versions, especially multi-user or operationally exposed OT deployments. Although the attack is local, the impact includes potential privilege escalation and full system disruption.
Recommended defensive actions
- Confirm whether any ABB ARM600 instances are on firmware versions 4.1.2 through 5.0.3 or ABB M2M Gateway SW instances are on versions 5.0.1 through 5.0.3.
- Restrict local and administrative access to trusted operators only, and review host access controls on affected systems.
- Avoid exposing ARM600 components directly to the internet; if exposure is unavoidable, open only the VPN port as described in the advisory.
- Use private cellular APN or other private WAN connectivity where feasible to avoid public internet exposure.
- Apply firewall allowlisting and, where appropriate, terminate internet-facing VPN connections in a DMZ.
- Change default credentials, use unique complex passwords, and use administrator/root privileges only when required.
- Keep supporting configuration PCs updated, and virus-scan transferred configuration files and firmware before introducing them into the OT environment.
- Maintain tested backups and continuous monitoring to help detect and recover from crashes or suspicious changes quickly.
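The first action above, checking an asset inventory against the affected version ranges, can be scripted. The following is an added example, not code from ABB, CISA, or this page's source; the inventory rows and hostnames are constructed, and treating a two-part version such as `5.0` as `5.0.0` is an assumption.

```python
import re

# Affected ranges as stated in this debrief (inclusive on both ends).
AFFECTED = {
    "ARM600": ((4, 1, 2), (5, 0, 3)),
    "M2M Gateway SW": ((5, 0, 1), (5, 0, 3)),
}

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a plain x.y[.z] version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    # Assumption: a missing patch component is treated as 0.
    return tuple(int(g or 0) for g in m.groups())

def classify(product, version):
    """Return 'affected', 'not-affected', 'unknown-version' or 'out-of-scope'."""
    bounds = AFFECTED.get(product)
    if bounds is None:
        return "out-of-scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"  # needs a manual check; never assume safe
    low, high = bounds
    # Tuple comparison is numeric per component, so 5.0.10 sorts above 5.0.3
    # (a plain string comparison would get this wrong).
    return "affected" if low <= parsed <= high else "not-affected"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("arm-site-a", "ARM600", "4.1.2"),
    ("arm-site-b", "ARM600", "5.0.10"),
    ("arm-site-c", "ARM600", "4.1.1"),
    ("gw-plant-1", "M2M Gateway SW", "5.0.3"),
    ("gw-plant-2", "M2M Gateway SW", "5.0.0"),
    ("gw-plant-3", "M2M Gateway SW", "unknown"),
    ("hmi-01", "Other HMI", "1.0.0"),
]

def triage(inventory):
    """Map each host to its classification for this advisory's ranges only."""
    return {host: classify(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

A `not-affected` result only means the version falls outside the ranges quoted in this debrief; `unknown-version` hosts should be checked by hand.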
Evidence notes
Primary evidence comes from CISA CSAF advisory ICSA-25-105-08, published 2025-04-07 with initial revision 1.0.0. The advisory names ABB as the vendor, identifies the affected products and version ranges, and provides mitigation guidance. The supplied data does not list this CVE in CISA KEV. The published and modified dates in the corpus are advisory publication metadata and should not be treated as the original vulnerability disclosure date.
Official resources
- CVE-2023-42753 CVE record (CVE.org)
- CVE-2023-42753 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA CSAF advisory ICSA-25-105-08 on 2025-04-07 (initial version 1.0.0). The supplied metadata shows no KEV listing and no later advisory revision beyond the initial publication.