Aspect Ent 2 Firmware
CVE-2024-48839
CRITICAL
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (ch) · only source for this CVE.
CVSS VectorVendor: ch
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper Input Validation vulnerability allows Remote Code Execution. Affected products:
ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
AnalysisAI
Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 Affected products include: Abb Aspect-Ent-2 Firmware, Abb Aspect-Ent-256 Firmware, Abb Aspect-Ent-96 Firmware, Abb Nexus-2128 Firmware, Abb Nexus-2128-A Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Aspect Ent 2 Firmware
View allUnauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t
Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remote
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a clien
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default cred
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in a
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that coul
Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today