CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2410 – Admin Authorized Port (iptables) manipulation (open/close/disable ports)
https://notcve.org/view.php?id=CVE-2025-2410
22 May 2025 — Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-36: Absolute Path Traversal CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9639 – Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9639
22 May 2025 — Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48850 – Authenticated Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-48850
22 May 2025 — Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-36: Absolute Path Traversal •
CVSS: 9.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48853 – Authenticated Escalation to guest to root
https://notcve.org/view.php?id=CVE-2024-48853
22 May 2025 — An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: thr... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-286: Incorrect User Management •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51555 – Force Change of Default Credentials
https://notcve.org/view.php?id=CVE-2024-51555
05 Dec 2024 — Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-521: Weak Password Requirements CWE-1393: Use of Default Password •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51554 – off-by-one-error
https://notcve.org/view.php?id=CVE-2024-51554
05 Dec 2024 — Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51551 – Default Credentials
https://notcve.org/view.php?id=CVE-2024-51551
05 Dec 2024 — Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 2CVE-2024-51550 – Data Validation / Sanitization
https://notcve.org/view.php?id=CVE-2024-51550
05 Dec 2024 — Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an o... • https://packetstorm.news/files/id/183448 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51549 – Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-51549
05 Dec 2024 — Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-36: Absolute Path Traversal •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51548 – Dangerous File Upload
https://notcve.org/view.php?id=CVE-2024-51548
05 Dec 2024 — Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-434: Unrestricted Upload of File with Dangerous Type •