CVE-2024-10334 – Camera passwords stored in clear text
https://notcve.org/view.php?id=CVE-2024-10334
10 Feb 2025 — A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVE-2024-51547 – Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2024-51547
06 Feb 2025 — Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch • CWE-798: Use of Hard-coded Credentials •
CVE-2024-48841 – Remote Code Execution (RCE) Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-48841
27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. • https://packetstorm.news/files/id/188963 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-12430 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12430
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which will then be executed by the root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. • https://packetstorm.news/files/id/188713 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVE-2024-51555 – Force Change of Default Credentials
https://notcve.org/view.php?id=CVE-2024-51555
05 Dec 2024 — Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials, since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-521: Weak Password Requirements • CWE-1393: Use of Default Password •
CVE-2024-51554 – off-by-one-error
https://notcve.org/view.php?id=CVE-2024-51554
05 Dec 2024 — Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-193: Off-by-one Error •
CVE-2024-51551 – Default Credentials
https://notcve.org/view.php?id=CVE-2024-51551
05 Dec 2024 — Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-1287: Improper Validation of Specified Type of Input •
CVE-2024-51550 – Data Validation / Sanitization
https://notcve.org/view.php?id=CVE-2024-51550
05 Dec 2024 — Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02. ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an o... • https://packetstorm.news/files/id/183448 • CWE-1287: Improper Validation of Specified Type of Input •
CVE-2024-51549 – Absolute Path Traversal
https://notcve.org/view.php?id=CVE-2024-51549
05 Dec 2024 — Absolute File Traversal vulnerabilities allow access to and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-36: Absolute Path Traversal •