CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51543 – Information Disclosure
https://notcve.org/view.php?id=CVE-2024-51543
05 Dec 2024 — Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-15: External Control of System or Configuration Setting •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51542 – Configuration Download
https://notcve.org/view.php?id=CVE-2024-51542
05 Dec 2024 — Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51541 – Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-51541
05 Dec 2024 — Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48847 – MD5 bypass operation
https://notcve.org/view.php?id=CVE-2024-48847
05 Dec 2024 — MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-328: Use of Weak Hash •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48846 – Cross Side Request Forgery, CSRF
https://notcve.org/view.php?id=CVE-2024-48846
05 Dec 2024 — Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183031 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48845 – Weak Password Rules/Strength
https://notcve.org/view.php?id=CVE-2024-48845
05 Dec 2024 — Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://packetstorm.news/files/id/183354 • CWE-521: Weak Password Requirements •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 1CVE-2024-48844 – Denial of Service, DoS
https://notcve.org/view.php?id=CVE-2024-48844
05 Dec 2024 — Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183447 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48843 – Denial of Service, DoS
https://notcve.org/view.php?id=CVE-2024-48843
05 Dec 2024 — Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL command... • https://packetstorm.news/files/id/183357 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2024-48840 – Unauthorized Access
https://notcve.org/view.php?id=CVE-2024-48840
05 Dec 2024 — Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an unauthenticated shell command execution vulnerability through the deployStart.php script. This allows any user to trigger the execution of rundeploy.sh script, which initializes the Java deployment server that sets various configurations, potentially causing unauthorized server initialization and p... • https://packetstorm.news/files/id/183179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 6CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
05 Dec 2024 — Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .aam file through fileS... • https://packetstorm.news/files/id/183448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •