{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ppc3100/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":8.3,"id":"CVE-2023-45230"},{"cvss":8.3,"id":"CVE-2023-45235"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["APC4100","APC910","C80","MPC3100","PPC1200","PPC900","APC2200","PPC2200","APC3100","PPC3100"],"_cs_severities":["high"],"_cs_tags":["ics","vulnerability","network"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB has identified multiple vulnerabilities within the EDK2 Network Package used in several B\u0026amp;R PC product lines, affecting versions prior to the listed fixes. These vulnerabilities, discovered in 2023, stem from improper handling of network messages, specifically within the Preboot eXecution Environment (PXE) of the UEFI firmware. Successful exploitation could allow a network attacker to perform a variety of malicious actions including remote code execution, denial-of-service attacks, DNS cache poisoning, and sensitive information disclosure. The affected product lines include APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100. It is critical to apply the provided updates or mitigations to prevent potential exploitation. 
These vulnerabilities affect organizations that deploy these PCs in industrial control systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable ABB B\u0026amp;R PC on the network running an affected firmware version. Because the vulnerable code is the UEFI DHCPv6/PXE client, the device is exposed only while it is PXE-booting over IPv6, so the attacker must be able to deliver DHCPv6 traffic to it during that window.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious DHCPv6 Advertise message with a malformed IA_NA or IA_TA option, for example a nested sub-option whose declared length runs past the end of the enclosing IA option (CVE-2023-45229).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted DHCPv6 message to the target PC.\u003c/li\u003e\n\u003cli\u003eThe vulnerable EDK2 Network Package parses the malicious option without checking the nested length against the enclosing option, resulting in an out-of-bounds read.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits the out-of-bounds read to leak sensitive information from the device\u0026rsquo;s memory.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker crafts a DHCPv6 server message (such as an Advertise) carrying an oversized Server ID option and sends it to the PXE client (CVE-2023-45230).\u003c/li\u003e\n\u003cli\u003eThe vulnerable EDK2 Network Package processes the oversized Server ID, leading to a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the buffer overflow to achieve remote code execution in the pre-boot environment, which runs before the operating system and its protections are loaded and can therefore lead to complete system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could have significant consequences. An attacker positioned to inject DHCPv6 traffic toward a PXE-booting PC could gain unauthorized access to the targeted industrial control systems, leading to disruption of operations, data theft, or execution of malicious code. The vulnerabilities could also be used for denial-of-service attacks, rendering the affected systems unavailable. 
Given that the affected PCs are used in critical infrastructure sectors such as energy, the impact could extend to broader societal consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the vendor-provided fixes for each affected product line (APC4100, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, PPC3100) as detailed in the advisory.\u003c/li\u003e\n\u003cli\u003eFor APC910, where no patch is available, disable the vulnerable Preboot eXecution Environment (PXE) in the UEFI firmware settings as a mitigation.\u003c/li\u003e\n\u003cli\u003eIf PXE functionality is required, restrict PXE and DHCPv6 traffic (UDP ports 546 and 547) to the legitimate boot and DHCP servers and block all other IPv6 PXE traffic at the control-network firewall; the DHCPv6 parsing flaws in the attack chain are reachable only during IPv6 PXE boot.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for DHCPv6 Advertise messages whose IA_NA or IA_TA option contains a sub-option that overruns the enclosing option, and for DHCPv6 messages carrying a Server ID option longer than the 130-byte maximum that RFC 8415 allows for a DUID (2-byte type code plus at most 128 octets), to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune them for your environment to detect exploitation attempts of CVE-2023-45229 and CVE-2023-45230.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T16:10:48Z","date_published":"2026-05-21T16:10:48Z","id":"https://feed.craftedsignal.io/briefs/2026-05-abb-br-pcs-vulns/","summary":"Multiple vulnerabilities in ABB B\u0026R PCs, specifically within the EDK2 Network Package, can be exploited by a network attacker to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237).","title":"CraftedSignal Threat Feed — 
PPC3100","version":"https://jsonfeed.org/version/1.1"}
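The malformed DHCPv6 structures named in the brief's attack chain and monitoring recommendation, as an added worked example that is not part of the CraftedSignal brief and not code from ABB, B&R or EDK2: a bounds-checked DHCPv6 option walker that flags (a) an IA_NA or IA_TA option whose nested sub-option length runs past the enclosing option, the shape behind the CVE-2023-45229 out-of-bounds read, and (b) a Server ID option longer than the 130-byte DUID maximum of RFC 8415, the shape behind the CVE-2023-45230 overflow. Option codes and field layouts come from RFC 8415; the sample packets, the DUID and the address are constructed for the example and are not captures from any device.

```python
"""Bounds-checked DHCPv6 option walker for spotting the malformed
Advertise messages the brief says to monitor for.  Added example, not
code from ABB, B&R or EDK2; all sample packets below are constructed."""
import struct
from typing import List, Tuple

# Option codes and message type from RFC 8415.
OPTION_CLIENTID = 1
OPTION_SERVERID = 2
OPTION_IA_NA = 3
OPTION_IA_TA = 4
OPTION_IAADDR = 5
MSG_ADVERTISE = 2

# RFC 8415 s.11.1: a DUID is a 2-octet type code plus at most 128 octets,
# so a Server ID option longer than this cannot be a legitimate DUID.
MAX_DUID_LEN = 130
# Fixed fields that precede the nested options inside IA_NA / IA_TA.
IA_NA_HDR = 12  # IAID(4) + T1(4) + T2(4)
IA_TA_HDR = 4   # IAID(4)


def walk_options(buf: bytes, start: int, end: int,
                 findings: List[str], ctx: str) -> List[Tuple[int, int, int]]:
    """Return (code, data_offset, data_len) for each option in buf[start:end].

    Never reads past `end`; an option whose declared length would do so is
    recorded in `findings` and parsing of this level stops.  An unchecked
    parser would keep reading, which is the out-of-bounds read shape."""
    out: List[Tuple[int, int, int]] = []
    off = start
    while off < end:
        if end - off < 4:
            findings.append(f"{ctx}: {end - off} trailing byte(s), too short for an option header")
            break
        code, length = struct.unpack_from("!HH", buf, off)
        if off + 4 + length > end:
            findings.append(f"{ctx}: option {code} declares {length} bytes but only {end - off - 4} remain")
            break
        out.append((code, off + 4, length))
        off += 4 + length
    return out


def inspect_dhcpv6(buf: bytes) -> List[str]:
    """Parse one DHCPv6 message; return anomaly descriptions (empty = clean)."""
    findings: List[str] = []
    if len(buf) < 4:
        return ["message shorter than the 4-byte DHCPv6 header"]
    msg_type = buf[0]  # 1-byte msg-type, then 3-byte transaction-id
    for code, doff, dlen in walk_options(buf, 4, len(buf), findings, f"msg type {msg_type}"):
        if code == OPTION_SERVERID and dlen > MAX_DUID_LEN:
            findings.append(f"Server ID option is {dlen} bytes, exceeds RFC 8415 DUID maximum of {MAX_DUID_LEN}")
        elif code in (OPTION_IA_NA, OPTION_IA_TA):
            name, hdr = ("IA_NA", IA_NA_HDR) if code == OPTION_IA_NA else ("IA_TA", IA_TA_HDR)
            if dlen < hdr:
                findings.append(f"{name} option is {dlen} bytes, shorter than its {hdr}-byte fixed part")
                continue
            # Nested options (IAADDR, status codes) must stay inside the IA option.
            walk_options(buf, doff + hdr, doff + dlen, findings, name)
    return findings


# ---- constructed sample messages (not real captures) ----
def option(code: int, data: bytes) -> bytes:
    return struct.pack("!HH", code, len(data)) + data


DUID = b"\x00\x03\x00\x01" + bytes.fromhex("020000000001")  # DUID-LL, made up
ADDR = bytes.fromhex("20010db8000000000000000000000010")      # 2001:db8::10
HEADER = bytes([MSG_ADVERTISE]) + b"\x12\x34\x56"
IA_NA_FIXED = struct.pack("!III", 1, 1800, 2880)              # IAID, T1, T2
IAADDR_BODY = ADDR + struct.pack("!II", 3600, 7200)           # addr, lifetimes

# Well-formed Advertise: client ID, server ID, one IA_NA holding one IAADDR.
BENIGN = HEADER + option(OPTION_CLIENTID, DUID) + option(OPTION_SERVERID, DUID) \
    + option(OPTION_IA_NA, IA_NA_FIXED + option(OPTION_IAADDR, IAADDR_BODY))

# IA_NA whose nested IAADDR claims 200 bytes although only 24 follow it.
BAD_IA = HEADER + option(OPTION_SERVERID, DUID) + option(
    OPTION_IA_NA, IA_NA_FIXED + struct.pack("!HH", OPTION_IAADDR, 200) + IAADDR_BODY)

# Server ID option carrying a 300-byte "DUID".
BAD_SERVERID = HEADER + option(OPTION_CLIENTID, DUID) \
    + option(OPTION_SERVERID, b"\x00\x02" + b"A" * 298)

# Top-level option header whose length points past the end of the packet.
TRUNCATED = HEADER + struct.pack("!HH", OPTION_SERVERID, 500)

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN), ("bad IA_NA", BAD_IA),
                       ("bad Server ID", BAD_SERVERID), ("truncated", TRUNCATED)):
        print(label, "->", inspect_dhcpv6(pkt) or "clean")
```

In practice this runs over the UDP payload of DHCPv6 packets (server port 547 toward client port 546) mirrored from the PXE VLAN, for example via a pcap reader or an IDS script hook. It detects only structural anomalies that a correct parser must reject anyway, so it produces no alert for a legitimate server; the length check on nested options is the same bound that a fixed parser enforces before reading each sub-option.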