CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48850 – Authenticated Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-48850
22 May 2025 — Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-36: Absolute Path Traversal •
CVSS: 9.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48853 – Authenticated Escalation to guest to root
https://notcve.org/view.php?id=CVE-2024-48853
22 May 2025 — An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: thr... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-286: Incorrect User Management •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9877 – Sensitive information submitted using GET method
https://notcve.org/view.php?id=CVE-2024-9877
30 Apr 2025 — : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9876 – Application is vulnerable to Privilege escalation
https://notcve.org/view.php?id=CVE-2024-9876
30 Apr 2025 — : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47784 – Unverified Password Change
https://notcve.org/view.php?id=CVE-2024-47784
30 Apr 2025 — Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-620: Unverified Password Change •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3395
https://notcve.org/view.php?id=CVE-2025-3395
30 Apr 2025 — Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-312: Cleartext Storage of Sensitive Information CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3394 – Vulnerability in user management of Automation Builder
https://notcve.org/view.php?id=CVE-2025-3394
30 Apr 2025 — Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10334 – Camera passwords stored in clear text
https://notcve.org/view.php?id=CVE-2024-10334
10 Feb 2025 — A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X. A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the v... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51547 – Credentials Disclosure - keys
https://notcve.org/view.php?id=CVE-2024-51547
06 Feb 2025 — Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 6CVE-2024-48841 – Remote Code Execution (RCE) Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-48841
27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. • https://packetstorm.news/files/id/188963 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •