// For flags

CVE-2024-13949

Log Forging

Severity Score

6.9
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling attackers to inject arbitrary log entries using encoded newline characters. Similarly, Java classes using LoggerUtil.logger.* methods concatenate user-controlled strings like usernames and cookie keys into logs without validation. This systemic flaw allows for log forging, manipulating log content to obfuscate activity, insert misleading entries, or facilitate follow-up attacks. Version 3.08.03 is affected.

*Credits: ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
High
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
High
High
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Multiple
Confidentiality
None
Integrity
Complete
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2025-05-08 CVE Reserved
  • 2025-05-22 CVE Published
  • 2025-05-22 CVE Updated
  • 2025-05-23 First Exploit
  • 2025-05-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-117: Improper Output Neutralization for Logs
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Abb
Search vendor "Abb"
Matrix Series
Search vendor "Abb" for product "Matrix Series"
*-
Affected
Abb
Search vendor "Abb"
Nexus Series
Search vendor "Abb" for product "Nexus Series"
*-
Affected