abb MATRIX Series v0 - 24 CVEs

CVE-2024-51555

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CRITICAL CVSS 9.8 Published Dec 05, 2024

CVE-2024-51554

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 9.1 Published Dec 05, 2024

CVE-2024-51551

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CRITICAL CVSS 10.0 Published Dec 05, 2024

CVE-2024-51550

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 10.0 Published Dec 05, 2024

CVE-2024-51549

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CRITICAL CVSS 10.0 Published Dec 05, 2024

CVE-2024-51548

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 9.9 Published Dec 05, 2024

CVE-2024-51546

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 7.5 Published Dec 05, 2024

CVE-2024-51545

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 10.0 Published Dec 05, 2024

CVE-2024-51544

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 8.2 Published Dec 05, 2024

CVE-2024-51543

Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 8.2 Published Dec 05, 2024

CVE-2024-51542

Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 8.2 Published Dec 05, 2024

CVE-2024-51541

Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 8.2 Published Dec 05, 2024

CVE-2024-48847

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01

UNKNOWN CVSS 8.2 Published Dec 05, 2024

CVE-2024-48846

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 7.1 Published Dec 05, 2024

CVE-2024-48845

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

UNKNOWN CVSS 9.4 Published Dec 05, 2024

CVE-2024-48844

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 7.7 Published Dec 05, 2024

CVE-2024-48843

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 7.7 Published Dec 05, 2024

CVE-2024-48840

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 10.0 Published Dec 05, 2024

CVE-2024-48839

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CRITICAL CVSS 10.0 Published Dec 05, 2024

CVE-2024-11316

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

HIGH CVSS 7.5 Published Dec 05, 2024

CVE-2024-6784

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

UNKNOWN CVSS 9.9 Published Dec 05, 2024

Version 0

Known Vulnerabilities

CVE-2024-51555

CVE-2024-51554

CVE-2024-51551

CVE-2024-51550

CVE-2024-51549

CVE-2024-51548

CVE-2024-51546

CVE-2024-51545

CVE-2024-51544

CVE-2024-51543

CVE-2024-51542

CVE-2024-51541

CVE-2024-48847

CVE-2024-48846

CVE-2024-48845

CVE-2024-48844

CVE-2024-48843

CVE-2024-48840

CVE-2024-48839

CVE-2024-11316

CVE-2024-6784

CVE-2024-6516

CVE-2024-6209

CVE-2024-6298