CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 1CVE-2024-48844 – Denial of Service, DoS
https://notcve.org/view.php?id=CVE-2024-48844
05 Dec 2024 — Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183447 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48843 – Denial of Service, DoS
https://notcve.org/view.php?id=CVE-2024-48843
05 Dec 2024 — Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL command... • https://packetstorm.news/files/id/183357 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2024-48840 – Unauthorized Access
https://notcve.org/view.php?id=CVE-2024-48840
05 Dec 2024 — Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an unauthenticated shell command execution vulnerability through the deployStart.php script. This allows any user to trigger the execution of rundeploy.sh script, which initializes the Java deployment server that sets various configurations, potentially causing unauthorized server initialization and p... • https://packetstorm.news/files/id/183179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 6CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
05 Dec 2024 — Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .aam file through fileS... • https://packetstorm.news/files/id/183448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-11317 – PHP Session Fixation
https://notcve.org/view.php?id=CVE-2024-11317
05 Dec 2024 — Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected cross site scripting vulnerability in jsonProxy.php to inject a crafted req... • https://packetstorm.news/files/id/189097 • CWE-384: Session Fixation •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11316 – Filesize Check
https://notcve.org/view.php?id=CVE-2024-11316
05 Dec 2024 — Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6784 – SSRF Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-6784
05 Dec 2024 — Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183078 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 4CVE-2024-6516 – Cross Site Scripting XSS
https://notcve.org/view.php?id=CVE-2024-6516
05 Dec 2024 — Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-... • https://packetstorm.news/files/id/183448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6515 – unauthorized file access
https://notcve.org/view.php?id=CVE-2024-6515
05 Dec 2024 — Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 37EXPL: 0CVE-2024-8036 – Unauthorized Modifications of Firmware and Configuration
https://notcve.org/view.php?id=CVE-2024-8036
25 Oct 2024 — ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-347: Improper Verification of Cryptographic Signature •