CVE-2023-0580

CVE-2023-0580 is a medium-severity vulnerability in Abb My Control System with a CVSS 3.x base score of 5.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-922.

Key facts

Description

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

Frequently asked questions

What is CVE-2023-0580?
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.
How severe is CVE-2023-0580?
CVE-2023-0580 has a CVSS 3.x base score of 5.4, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability none.
Is CVE-2023-0580 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (37th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2023-0580?
CVE-2023-0580 affects Abb My Control System. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2023-0580?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2023-0580 published?
CVE-2023-0580 was published on 2023-04-06 and last updated on 2026-06-17.

References

Affected products (1)

Other CWE-922 vulnerabilities

Browse all CWE-922 vulnerabilities →