CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48843 – Denial of Service, DoS
https://notcve.org/view.php?id=CVE-2024-48843
05 Dec 2024 — Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL command... • https://packetstorm.news/files/id/183357 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 2CVE-2024-48840 – Unauthorized Access
https://notcve.org/view.php?id=CVE-2024-48840
05 Dec 2024 — Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an unauthenticated shell command execution vulnerability through the deployStart.php script. This allows any user to trigger the execution of rundeploy.sh script, which initializes the Java deployment server that sets various configurations, potentially causing unauthorized server initialization and p... • https://packetstorm.news/files/id/183179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 6CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
05 Dec 2024 — Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .aam file through fileS... • https://packetstorm.news/files/id/183448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11316 – Filesize Check
https://notcve.org/view.php?id=CVE-2024-11316
05 Dec 2024 — Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6784 – SSRF Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-6784
05 Dec 2024 — Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183078 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 4CVE-2024-6516 – Cross Site Scripting XSS
https://notcve.org/view.php?id=CVE-2024-6516
05 Dec 2024 — Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-... • https://packetstorm.news/files/id/183448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •