
CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Feb 2025 — Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch • CWE-798: Use of Hard-coded Credentials

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials, since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-521: Weak Password Requirements • CWE-1393: Use of Default Password

CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-193: Off-by-one Error

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-1287: Improper Validation of Specified Type of Input

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 2

05 Dec 2024 — Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02. ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an o... • https://packetstorm.news/files/id/183448 • CWE-1287: Improper Validation of Specified Type of Input

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-36: Absolute Path Traversal

CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.7 • EPSS: 0% • CPEs: 3 • EXPL: 1

05 Dec 2024 — Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02. ABB Cylon Aspect version 3.08.02 suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle a... • https://packetstorm.news/files/id/183349 • CWE-1287: Improper Validation of Specified Type of Input

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-522: Insufficiently Protected Credentials

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

05 Dec 2024 — Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02. ABB Cylon Aspect version 3.08.02 has an authenticated access vulnerability in the aspectMemory.php script that allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead ... • https://packetstorm.news/files/id/183145 • CWE-15: External Control of System or Configuration Setting