CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version ... • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12430 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12430
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploi... • https://packetstorm.news/files/id/188713 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51555 – Force Change of Default Credentials
https://notcve.org/view.php?id=CVE-2024-51555
05 Dec 2024 — Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-521: Weak Password Requirements CWE-1393: Use of Default Password •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51554 – off-by-one-error
https://notcve.org/view.php?id=CVE-2024-51554
05 Dec 2024 — Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51551 – Default Credentials
https://notcve.org/view.php?id=CVE-2024-51551
05 Dec 2024 — Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 2CVE-2024-51550 – Data Validation / Sanitization
https://notcve.org/view.php?id=CVE-2024-51550
05 Dec 2024 — Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an o... • https://packetstorm.news/files/id/183448 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51549 – Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-51549
05 Dec 2024 — Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-36: Absolute Path Traversal •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51548 – Dangerous File Upload
https://notcve.org/view.php?id=CVE-2024-51548
05 Dec 2024 — Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 1%CPEs: 3EXPL: 1CVE-2024-51546 – Credentails Disclosure
https://notcve.org/view.php?id=CVE-2024-51546
05 Dec 2024 — Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle a... • https://packetstorm.news/files/id/183349 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51545 – Username Enumeration
https://notcve.org/view.php?id=CVE-2024-51545
05 Dec 2024 — Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-522: Insufficiently Protected Credentials •