Skip to main content

Severity by source

Vendor (ch) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Red

Primary rating from Vendor (ch) · only source for this CVE.

CVSS VectorVendor: ch

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
N

Lifecycle Timeline

1
CVE Published
Dec 05, 2024 - 13:15 cve.org
CRITICAL 9.3

DescriptionCVE.org

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products:

ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

AnalysisAI

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 Affected products include: Abb Aspect-Ent-2 Firmware, Abb Aspect-Ent-256 Firmware, Abb Aspect-Ent-96 Firmware, Abb Nexus-2128 Firmware, Abb Nexus-2128-A Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-6298 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-6209 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-4007 HIGH POC
8.7 Jul 01

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t

CVE-2023-0636 CRITICAL
9.8 Jun 05

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2023-0635 CRITICAL
9.8 Jun 05

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2024-51551 CRITICAL
9.3 Dec 05

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default cred

CVE-2024-51550 CRITICAL POC
9.3 Dec 05

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in a

CVE-2024-51549 CRITICAL
9.3 Dec 05

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity

CVE-2024-51545 CRITICAL
9.3 Dec 05

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.

CVE-2024-48845 CRITICAL POC
9.3 Dec 05

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that coul

CVE-2024-48840 CRITICAL POC
9.3 Dec 05

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability

CVE-2024-48839 CRITICAL POC
9.3 Dec 05

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerabi

Share

CVE-2024-6516 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy