CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13967 – ession-Management Failure
https://notcve.org/view.php?id=CVE-2024-13967
04 Jun 2025 — This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. Esta vulnerabilidad permite al atacante obtener acceso no autorizado a una página web de configuración proporcionada por el servidor web integrado de EIBPORT. Este problema afecta a EIBPORT V3 KNX (hasta la versión 3.9.8) y EIBPORT V3 KNX GSM (hasta la versión 3.9.8). • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A1621&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-384: Session Fixation •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13945 – Stored Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-13945
23 May 2025 — Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-36: Absolute Path Traversal •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51552 – Weak Password Storage
https://notcve.org/view.php?id=CVE-2024-51552
22 May 2025 — Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13958 – Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-13958
22 May 2025 — Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13957 – SSRF Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-13957
22 May 2025 — SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13956 – SSL Verification Bypass
https://notcve.org/view.php?id=CVE-2024-13956
22 May 2025 — SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-295: Improper Certificate Validation •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13955 – SQL Injection 2nd Order
https://notcve.org/view.php?id=CVE-2024-13955
22 May 2025 — 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13954 – Serialization / Deserialization of configuration data
https://notcve.org/view.php?id=CVE-2024-13954
22 May 2025 — Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13953 – Sensitive Information disclosed in log files
https://notcve.org/view.php?id=CVE-2024-13953
22 May 2025 — Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13952 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13952
22 May 2025 — Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •