Aspect Ent 2 Firmware
CVE-2023-0635
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.
AnalysisAI
Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1391. Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01. Affected products include: Abb Aspect-Ent-2 Firmware, Abb Aspect-Ent-12 Firmware, Abb Aspect-Ent-256 Firmware, Abb Aspect-Ent-96 Firmware, Abb Nexus-2128 Firmware. Version information: before 3.07.01.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Aspect Ent 2 Firmware
View allUnauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t
Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a clien
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default cred
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in a
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that coul
Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability
Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerabi
Same weakness CWE-1391 – Use of Weak Credentials
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today