Skip to main content

Abb CVE-2024-48842

HIGH
Use of Hard-coded Credentials (CWE-798)
2025-09-17 cybersecurity@ch.abb.com
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:12 vuln.today
CVE Published
Sep 17, 2025 - 15:15 nvd
HIGH 7.3

DescriptionCVE.org

Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions

AnalysisAI

Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions Version information: through 9.3.5.

Affected ProductsAI

ABB FLXEON.This.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

More in Abb

View all
CVE-2012-0245 CRITICAL
10.0 Mar 09

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used

CVE-2024-6298 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-6209 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2017-17888 HIGH POC
8.8 Dec 27

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,

CVE-2019-7225 HIGH POC
8.8 Jun 27

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i

CVE-2019-7226 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a

CVE-2019-7228 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high

CVE-2019-7232 HIGH POC
8.8 Jun 24

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high

CVE-2019-7230 HIGH POC
8.8 Jun 24

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (

CVE-2024-4007 HIGH POC
8.7 Jul 01

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t

CVE-2019-7229 HIGH POC
8.3 Jun 24

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat

CVE-2019-18997 HIGH POC
7.5 Dec 18

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f

Share

CVE-2024-48842 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy