Aspect Ent 12 Firmware
CVE-2024-51546
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (ch) · only source for this CVE.
CVSS VectorVendor: ch
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products:
ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
AnalysisAI
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1287. Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 Affected products include: Abb Aspect-Ent-12 Firmware, Abb Aspect-Ent-2 Firmware, Abb Aspect-Ent-256 Firmware, Abb Aspect-Ent-96 Firmware, Abb Nexus-2128 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Aspect Ent 12 Firmware
View allUnauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t
Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remote
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a clien
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default cred
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in a
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that coul
Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today