
CVE-2024-51553 – Predictable Filename
https://notcve.org/view.php?id=CVE-2024-51553
22 May 2025 — Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-73: External Control of File Name or Path •

CVE-2024-13951 – One way hash with predictable salt
https://notcve.org/view.php?id=CVE-2024-13951
22 May 2025 — One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-760: Use of a One-Way Hash with a Predictable Salt •

CVE-2024-13950 – Log Injection
https://notcve.org/view.php?id=CVE-2024-13950
22 May 2025 — Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13949 – Log Forging
https://notcve.org/view.php?id=CVE-2024-13949
22 May 2025 — Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies in... • https://packetstorm.news/files/id/194979 • CWE-117: Improper Output Neutralization for Logs •

CVE-2024-48848 – LARGECONTENT - device disk overutilization
https://notcve.org/view.php?id=CVE-2024-48848
22 May 2025 — Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling •

CVE-2024-13948 – Insecure Permissions
https://notcve.org/view.php?id=CVE-2024-13948
22 May 2025 — Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB Cylon Aspect Studio version 3.08.03 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the 'M' flag (Mod... • https://packetstorm.news/files/id/194980 • CWE-276: Incorrect Default Permissions •

CVE-2024-13947 – External System or Configuration Control
https://notcve.org/view.php?id=CVE-2024-13947
22 May 2025 — Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-863: Incorrect Authorization •

CVE-2024-13946 – Binary Planting / LoadLibrary DLL's not Signed
https://notcve.org/view.php?id=CVE-2024-13946
22 May 2025 — DLL's are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://packetstorm.news/files/id/194981 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-13931 – Authenticated Relative Path Traversal
https://notcve.org/view.php?id=CVE-2024-13931
22 May 2025 — Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-606: Unchecked Input for Loop Condition •

CVE-2024-13930 – Authenticated Unchecked Loop Condition
https://notcve.org/view.php?id=CVE-2024-13930
22 May 2025 — An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-606: Unchecked Input for Loop Condition •