Skip to main content

Nexus 2128 G Firmware

28 CVEs product

Monthly

CVE-2024-51547 CRITICAL This Week

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-6784 HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-6516 CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-6515 HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-51554 HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-51551 CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51550 CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-51549 CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51548 HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-51546 HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-51545 CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51544 HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
13.5%
CVE-2024-51543 HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51542 HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51541 HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP Information Disclosure Aspect Ent 12 Firmware +18
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48847 HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48846 HIGH POC This Week

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb CSRF Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-48845 CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-48844 HIGH POC This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.2
EPSS
0.9%
CVE-2024-48843 HIGH This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-48840 CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb RCE Aspect Ent 2 Firmware +18
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.1%
CVE-2024-48839 CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.8%
CVE-2024-11317 CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-11316 HIGH This Week

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-6298 CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb RCE Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
19.0%
CVE-2024-6209 CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
17.2%
CVE-2023-0636 CRITICAL Act Now

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Command Injection Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0635 CRITICAL Act Now

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Abb Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL This Week

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Aspect Ent 2 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure +19
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 1% CVSS 9.3
CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 14% CVSS 8.8
HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP +20
NVD
EPSS 0% CVSS 8.8
HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware +18
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb CSRF Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force +19
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 7.6
HIGH This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb +20
NVD Exploit-DB
EPSS 3% CVSS 9.3
CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE +19
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure +19
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD
EPSS 19% CVSS 9.4
CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb RCE Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 17% CVSS 9.4
CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Path Traversal Information Disclosure +19
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Command Injection Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Abb Aspect Ent 2 Firmware +18
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy