CVE-2024-48841 – Remote Code Execution (RCE) Vulnerabilities

https://notcve.org/view.php?id=CVE-2024-48841

27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. • https://packetstorm.news/files/id/188963 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •