PatchSiren cyber security CVE debrief
CVE-2023-45231 TianoCore CVE debrief
CVE-2023-45231 is an out-of-bounds read vulnerability in EDK2's Network Package that occurs when it processes Neighbor Discovery Redirect messages. An attacker can exploit it to gain unauthorized access, potentially leading to a loss of confidentiality. It is rated CVSS 6.5 (MEDIUM). The affected products include ABB APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100. ABB has released patches for some of the affected products, and mitigations are available to reduce the risk of exploitation.
- Vendor: TianoCore
- Product: APC4100
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-29
- Original CVE updated: 2026-05-21
- Advisory published: 2026-01-29
- Advisory updated: 2026-05-21
Who should care
Organizations using ABB APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100 products should be aware of this vulnerability and take steps to mitigate it. This includes applying patches or workarounds provided by ABB and implementing network traffic restrictions. ICS operators and cybersecurity teams should prioritize vulnerability management and ensure that their systems are up to date with the latest security patches.
Technical summary
The EDK2 Network Package is susceptible to an out-of-bounds read when processing Neighbor Discovery Redirect messages. The cause is a lack of proper bounds checking in the EDK2 Network Package. An attacker can send a specially crafted Neighbor Discovery Redirect message to exploit it, gaining unauthorized access and potentially causing a loss of confidentiality. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM.
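The kind of bounds checking a Redirect parser needs, as an added example that is not EDK2 or ABB code: it walks the option chain of an ICMPv6 Redirect (RFC 4861 layout: 40 fixed bytes, then type/length options with the length in 8-octet units) and rejects any option that would be read past the received data. All function and constant names are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define ND_REDIRECT_TYPE   137u  /* ICMPv6 type for Redirect (RFC 4861) */
#define ND_REDIRECT_FIXED  40u   /* 4 ICMPv6 hdr + 4 reserved + 16 target + 16 destination */

/* Result codes (hypothetical names for this example). */
enum nd_check { ND_OK = 0, ND_TOO_SHORT, ND_BAD_TYPE, ND_ZERO_LEN_OPTION, ND_TRUNCATED_OPTION };

/* Validate an ICMPv6 Redirect message held in buf[0..len).
 * No byte is read before it is proven to lie inside the buffer.
 * On success, *opt_count (if non-NULL) receives the number of options seen. */
enum nd_check nd_redirect_validate(const uint8_t *buf, size_t len, size_t *opt_count)
{
    size_t off = ND_REDIRECT_FIXED, count = 0;

    if (buf == NULL || len < ND_REDIRECT_FIXED)
        return ND_TOO_SHORT;
    if (buf[0] != ND_REDIRECT_TYPE)
        return ND_BAD_TYPE;

    while (off < len) {
        /* Both the type and length octets must be present before reading either. */
        if (len - off < 2)
            return ND_TRUNCATED_OPTION;
        size_t opt_len = (size_t)buf[off + 1] * 8u;  /* length field counts 8-octet units */
        if (opt_len == 0)
            return ND_ZERO_LEN_OPTION;   /* RFC 4861 says discard; also avoids an endless loop */
        if (opt_len > len - off)
            return ND_TRUNCATED_OPTION;  /* option would extend past the received data */
        off += opt_len;
        count++;
    }
    if (opt_count != NULL)
        *opt_count = count;
    return ND_OK;
}

int main(void)
{
    /* Constructed sample: fixed part plus one option claiming 16 bytes with only 8 present. */
    uint8_t pkt[48] = {0};
    pkt[0] = ND_REDIRECT_TYPE; pkt[40] = 2; pkt[41] = 2;
    return nd_redirect_validate(pkt, sizeof pkt, NULL) == ND_TRUNCATED_OPTION ? 0 : 1;
}
```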
Defensive priority
Apply patches or workarounds provided by ABB to fix the vulnerability. Restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6.
Recommended defensive actions
- Apply patches or workarounds provided by ABB to fix the vulnerability.
- Restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6.
- Deactivate the vulnerable component if not needed.
- Limit accessibility to the vulnerable component.
- Monitor network traffic for suspicious activity.
- Implement network segmentation to reduce the attack surface.
Evidence notes
The vulnerability is documented in the CVE-2023-45231 record and the NVD database. ABB has released patches for some of the affected products. The CISA CSAF file provides detailed information on the affected products and mitigations.
Official resources
- CVE-2023-45231 CVE record (CVE.org)
- CVE-2023-45231 NVD detail (NVD)
- Source item URL (cisa_csaf)
This article was generated with AI assistance based on the supplied source corpus.