All the vulnerabilites related to ABB - ASPECT-Enterprise
cve-2024-51545
Vulnerability from cvelistv5
Published
2024-12-05 12:49
Modified
2024-12-05 14:47
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51545", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:45:13.295190Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:47:33.404Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:49:25.254Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Username Enumeration", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51545", "datePublished": "2024-12-05T12:49:25.254Z", "dateReserved": "2024-10-29T11:48:54.543Z", "dateUpdated": "2024-12-05T14:47:33.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51550
Vulnerability from cvelistv5
Published
2024-12-05 12:56
Modified
2024-12-05 15:05
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
EPSS score ?
Summary
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51550", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:02:34.383213Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:05:36.860Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:56:07.332Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Data Validation / Sanitization", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51550", "datePublished": "2024-12-05T12:56:07.332Z", "dateReserved": "2024-10-29T11:48:54.543Z", "dateUpdated": "2024-12-05T15:05:36.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51546
Vulnerability from cvelistv5
Published
2024-12-05 12:51
Modified
2024-12-05 14:43
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS score ?
Summary
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51546", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:40:58.511765Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:43:58.312Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:51:39.054Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Credentails Disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51546", "datePublished": "2024-12-05T12:51:39.054Z", "dateReserved": "2024-10-29T11:48:54.543Z", "dateUpdated": "2024-12-05T14:43:58.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51549
Vulnerability from cvelistv5
Published
2024-12-05 12:54
Modified
2024-12-05 15:09
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
EPSS score ?
Summary
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51549", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:06:48.916140Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:09:13.063Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:54:31.077Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Absolute Path Traversal", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51549", "datePublished": "2024-12-05T12:54:31.077Z", "dateReserved": "2024-10-29T11:48:54.543Z", "dateUpdated": "2024-12-05T15:09:13.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6784
Vulnerability from cvelistv5
Published
2024-12-05 12:25
Modified
2024-12-05 18:49
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:52:27.789374Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:57.676Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:25:28.078Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "SSRF Server Side Request Forgery", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-6784", "datePublished": "2024-12-05T12:25:28.078Z", "dateReserved": "2024-07-16T09:06:21.186Z", "dateUpdated": "2024-12-05T18:49:57.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48839
Vulnerability from cvelistv5
Published
2024-12-05 12:37
Modified
2024-12-05 18:49
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
EPSS score ?
Summary
Improper Input Validation vulnerability allows Remote Code Execution.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48839", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:51:33.627419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:41.865Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability allows Remote Code Execution.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Improper Input Validation vulnerability allows Remote Code Execution.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:37:28.554Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Remote Code Execution, RCE", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48839", "datePublished": "2024-12-05T12:37:28.554Z", "dateReserved": "2024-10-08T17:24:01.444Z", "dateUpdated": "2024-12-05T18:49:41.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51555
Vulnerability from cvelistv5
Published
2024-12-05 12:59
Modified
2024-12-05 14:34
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-51555", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:28:57.223663Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:34:50.184Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.07.02; \u003cbr\u003eNEXUS Series v3.07.02; \u003cbr\u003eMATRIX Series v3.07.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1393", "description": "CWE-1393 Use of Default Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:59:44.713Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Force Change of Default Credentials", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51555", "datePublished": "2024-12-05T12:59:44.713Z", "dateReserved": "2024-10-29T11:48:58.139Z", "dateUpdated": "2024-12-05T14:34:50.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51542
Vulnerability from cvelistv5
Published
2024-12-05 12:45
Modified
2024-12-05 15:13
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
EPSS score ?
Summary
Configuration Download vulnerabilities allow access to dependency configuration information.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51542", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:10:32.199733Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:13:29.563Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Configuration Download vulnerabilities allow access to dependency configuration information.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Configuration Download vulnerabilities allow access to dependency configuration information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:45:57.616Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Configuration Download", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51542", "datePublished": "2024-12-05T12:45:57.616Z", "dateReserved": "2024-10-29T11:48:54.542Z", "dateUpdated": "2024-12-05T15:13:29.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51548
Vulnerability from cvelistv5
Published
2024-12-05 12:52
Modified
2024-12-05 14:39
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Dangerous File Upload vulnerabilities allow upload of malicious scripts.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:37:16.964982Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:39:56.202Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dangerous File Upload vulnerabilities allow upload of malicious scripts.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Dangerous File Upload vulnerabilities allow upload of malicious scripts.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:52:54.929Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Dangerous File Upload", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51548", "datePublished": "2024-12-05T12:52:54.929Z", "dateReserved": "2024-10-29T11:48:54.543Z", "dateUpdated": "2024-12-05T14:39:56.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48844
Vulnerability from cvelistv5
Published
2024-12-05 12:41
Modified
2024-12-05 18:49
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
7.2 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H
7.2 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H
EPSS score ?
Summary
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48844", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:50:28.526206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:17.567Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "initial", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.2, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:41:12.507Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Denial of Service, DoS", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48844", "datePublished": "2024-12-05T12:41:12.507Z", "dateReserved": "2024-10-08T17:24:01.445Z", "dateUpdated": "2024-12-05T18:49:17.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6298
Vulnerability from cvelistv5
Published
2024-07-05 11:06
Modified
2024-12-05 12:16
Severity ?
9.4 (Critical) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to execute arbitrary code remotely
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-2_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-96_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-a_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-f_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-g_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264-a_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264-f_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus-264-g_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-3-2128_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-3-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-11_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-216_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-232_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-12_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-256_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-296_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6298", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T17:05:07.391904Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:24:03.161Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.39956449.23035250.1719878527-141379670.1701144964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to execute arbitrary code remotely\u0026nbsp;" } ], "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to execute arbitrary code remotely" } ], "impacts": [ { "capecId": "CAPEC-253", "descriptions": [ { "lang": "en", "value": "CAPEC-253 Remote Code Inclusion" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "IRRECOVERABLE", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:16:19.488Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "remote code execution", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-6298", "datePublished": "2024-07-05T11:06:35.066Z", "dateReserved": "2024-06-25T06:38:32.703Z", "dateUpdated": "2024-12-05T12:16:19.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6209
Vulnerability from cvelistv5
Published
2024-07-05 11:10
Modified
2024-12-05 12:13
Severity ?
9.4 (Critical) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to access files unauthorized
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-2_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-96_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-a_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-f_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-2128-g_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264-a_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264-f_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus-264-g_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-3-2128_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nexus-3-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-11_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-216_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-232_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-264_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-12_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "aspect-ent-256_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "matrix-296_firmware", "vendor": "abb", "versions": [ { "lessThan": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6209", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T17:24:31.125468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:24:44.098Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.39956449.23035250.1719878527-141379670.1701144964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized\u0026nbsp;" } ], "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized" } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "IRRECOVERABLE", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:13:47.544Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "unauthorized file access", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-6209", "datePublished": "2024-07-05T11:10:05.458Z", "dateReserved": "2024-06-20T16:27:24.196Z", "dateUpdated": "2024-12-05T12:13:47.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48847
Vulnerability from cvelistv5
Published
2024-12-05 12:44
Modified
2024-12-05 15:49
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS score ?
Summary
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.
Affected products:
ABB ASPECT - Enterprise v3.08.01;
NEXUS Series v3.08.01;
MATRIX Series v3.08.01
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48847", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:47:21.955497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:49:11.073Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.01; \u003cbr\u003eNEXUS Series v3.08.01; \u003cbr\u003eMATRIX Series v3.08.01\u003c/span\u003e\u003cbr\u003e" } ], "value": "MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.01; \nNEXUS Series v3.08.01; \nMATRIX Series v3.08.01" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-328", "description": "CWE-328 Use of Weak Hash", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:44:09.099Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "MD5 bypass operation", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48847", "datePublished": "2024-12-05T12:44:09.099Z", "dateReserved": "2024-10-08T17:24:01.445Z", "dateUpdated": "2024-12-05T15:49:11.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51544
Vulnerability from cvelistv5
Published
2024-12-05 12:48
Modified
2024-12-05 14:50
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L
EPSS score ?
Summary
Service Control vulnerabilities allow access to service restart requests and vm configuration settings.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51544", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:48:07.626886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:50:27.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Service Control vulnerabilities allow access to service restart requests and vm configuration settings.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Service Control vulnerabilities allow access to service restart requests and vm configuration settings.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-15", "description": "CWE-15 External Control of System or Configuration Setting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:48:32.801Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Service Control", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51544", "datePublished": "2024-12-05T12:48:32.801Z", "dateReserved": "2024-10-29T11:48:54.542Z", "dateUpdated": "2024-12-05T14:50:27.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6516
Vulnerability from cvelistv5
Published
2024-12-05 12:24
Modified
2024-12-05 18:50
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
EPSS score ?
Summary
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6516", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:52:49.743795Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:50:07.866Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:24:16.644Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Cross Site Scripting XSS", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-6516", "datePublished": "2024-12-05T12:24:16.644Z", "dateReserved": "2024-07-04T15:09:13.491Z", "dateUpdated": "2024-12-05T18:50:07.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48843
Vulnerability from cvelistv5
Published
2024-12-05 12:40
Modified
2024-12-05 18:49
Severity ?
EPSS score ?
Summary
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48843", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:51:03.327418Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:24.745Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.6, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/S:N/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:40:01.071Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Denial of Service, DoS", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48843", "datePublished": "2024-12-05T12:40:01.071Z", "dateReserved": "2024-10-08T17:24:01.445Z", "dateUpdated": "2024-12-05T18:49:24.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48845
Vulnerability from cvelistv5
Published
2024-12-05 12:42
Modified
2024-12-05 18:49
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS score ?
Summary
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48845", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:50:15.431101Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:08.072Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.07.02; \u003cbr\u003eNEXUS Series v3.07.02; \u003cbr\u003eMATRIX Series v3.07.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:42:14.225Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Weak Password Rules/Strength", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48845", "datePublished": "2024-12-05T12:42:14.225Z", "dateReserved": "2024-10-08T17:24:01.445Z", "dateUpdated": "2024-12-05T18:49:08.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48846
Vulnerability from cvelistv5
Published
2024-12-05 12:43
Modified
2024-12-05 18:48
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L
EPSS score ?
Summary
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48846", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:50:04.533995Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:48:59.598Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:43:20.544Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Cross Side Request Forgery, CSRF", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48846", "datePublished": "2024-12-05T12:43:20.544Z", "dateReserved": "2024-10-08T17:24:01.445Z", "dateUpdated": "2024-12-05T18:48:59.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51541
Vulnerability from cvelistv5
Published
2024-12-05 12:45
Modified
2024-12-05 15:16
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS score ?
Summary
Local File Inclusion vulnerabilities allow access to sensitive system information.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51541", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:14:14.254429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:16:19.415Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Local File Inclusion vulnerabilities allow access to sensitive system information.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Local File Inclusion vulnerabilities allow access to sensitive system information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:45:09.058Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Local File Inclusion", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51541", "datePublished": "2024-12-05T12:45:09.058Z", "dateReserved": "2024-10-29T11:48:54.542Z", "dateUpdated": "2024-12-05T15:16:19.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6515
Vulnerability from cvelistv5
Published
2024-12-05 12:22
Modified
2024-12-05 18:50
Severity ?
EPSS score ?
Summary
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6515", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:53:02.403236Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:50:20.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "initial", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/S:N/AU:N/V:D/RE:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:22:36.946Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "unauthorized file access", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-6515", "datePublished": "2024-12-05T12:22:36.946Z", "dateReserved": "2024-07-04T15:09:13.406Z", "dateUpdated": "2024-12-05T18:50:20.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51543
Vulnerability from cvelistv5
Published
2024-12-05 12:47
Modified
2024-12-05 14:53
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS score ?
Summary
Information Disclosure vulnerabilities allow access to application configuration information.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThan": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThan": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51543", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:51:25.818780Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:53:38.763Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Information Disclosure vulnerabilities allow access to application configuration information.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Information Disclosure vulnerabilities allow access to application configuration information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-15", "description": "CWE-15 External Control of System or Configuration Setting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:47:06.288Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Information Disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51543", "datePublished": "2024-12-05T12:47:06.288Z", "dateReserved": "2024-10-29T11:48:54.542Z", "dateUpdated": "2024-12-05T14:53:38.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51554
Vulnerability from cvelistv5
Published
2024-12-05 12:58
Modified
2024-12-05 14:36
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
EPSS score ?
Summary
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51554", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:35:36.749099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:36:37.414Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193 Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:58:51.342Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "off-by-one-error", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51554", "datePublished": "2024-12-05T12:58:51.342Z", "dateReserved": "2024-10-29T11:48:58.139Z", "dateUpdated": "2024-12-05T14:36:37.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11316
Vulnerability from cvelistv5
Published
2024-12-05 12:27
Modified
2024-12-05 18:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L
EPSS score ?
Summary
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11316", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T18:33:49.478066Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:35:25.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:34:59.297Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Filesize Check", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-11316", "datePublished": "2024-12-05T12:27:03.272Z", "dateReserved": "2024-11-18T03:55:35.362Z", "dateUpdated": "2024-12-05T18:35:25.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51551
Vulnerability from cvelistv5
Published
2024-12-05 12:57
Modified
2024-12-05 15:01
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
EPSS score ?
Summary
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-51551", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T14:59:05.467804Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:01:42.017Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.07.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.07.02; \u003cbr\u003eNEXUS Series v3.07.02; \u003cbr\u003eMATRIX Series v3.07.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:57:06.089Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Default Credentials", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-51551", "datePublished": "2024-12-05T12:57:06.089Z", "dateReserved": "2024-10-29T11:48:58.138Z", "dateUpdated": "2024-12-05T15:01:42.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48840
Vulnerability from cvelistv5
Published
2024-12-05 12:38
Modified
2024-12-05 18:49
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
EPSS score ?
Summary
Unauthorized Access vulnerabilities allow Remote Code Execution.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48840", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:51:18.340348Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:34.017Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Unauthorized Access vulnerabilities allow Remote Code Execution.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Unauthorized Access vulnerabilities allow Remote Code Execution.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:38:46.342Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unauthorized Access", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-48840", "datePublished": "2024-12-05T12:38:46.342Z", "dateReserved": "2024-10-08T17:24:01.444Z", "dateUpdated": "2024-12-05T18:49:34.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11317
Vulnerability from cvelistv5
Published
2024-12-05 12:36
Modified
2024-12-05 18:49
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
EPSS score ?
Summary
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ABB | ASPECT-Enterprise |
Version: 0 < |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:abb:aspect_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aspect_enterprise", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:nexus_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nexus_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:abb:matrix_series:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "matrix_series", "vendor": "abb", "versions": [ { "lessThanOrEqual": "3.08.01", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11317", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:52:17.379707Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:49:49.571Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "NEXUS Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "MATRIX Series", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "3.08.02", "status": "affected", "version": "initial", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.\u0026nbsp;\u003cbr\u003eAffected products:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eABB ASPECT - Enterprise v3.08.02; \u003cbr\u003eNEXUS Series v3.08.02; \u003cbr\u003eMATRIX Series v3.08.02\u003c/span\u003e\u003cbr\u003e" } ], "value": "Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T12:36:27.768Z", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "EXTERNAL" }, "title": "PHP Session Fixation", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2024-11317", "datePublished": "2024-12-05T12:36:27.768Z", "dateReserved": "2024-11-18T03:55:36.724Z", "dateUpdated": "2024-12-05T18:49:49.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }