CVE-2024-6209

unauthorized file access

Severity Score

9.4

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series

v <=3.08.01

; MATRIX Series

v<=3.08.01 allows Attacker to access files unauthorized

Acceso no autorizado a archivos en WEB Server en ABB ASPECT - Enterprise v <=3.08.01; Serie NEXUS v <=3.08.01; MATRIX Series v<=3.08.01 permite a un atacante acceder a archivos no autorizados

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-07-05 CVE Published
2024-07-09 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-552: Files or Directories Accessible to External Parties

CAPEC

CAPEC-115: Authentication Bypass

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964	2024-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abb Search vendor "Abb"	Aspect-ent-12 Firmware Search vendor "Abb" for product "Aspect-ent-12 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Aspect-ent-12 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Aspect-ent-12 Search vendor "Abb" for product "Aspect-ent-12"	-	-	Safe
Abb Search vendor "Abb"	Aspect-ent-2 Firmware Search vendor "Abb" for product "Aspect-ent-2 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Aspect-ent-2 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Aspect-ent-2 Search vendor "Abb" for product "Aspect-ent-2"	-	-	Safe
Abb Search vendor "Abb"	Aspect-ent-256 Firmware Search vendor "Abb" for product "Aspect-ent-256 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Aspect-ent-256 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Aspect-ent-256 Search vendor "Abb" for product "Aspect-ent-256"	-	-	Safe
Abb Search vendor "Abb"	Aspect-ent-96 Firmware Search vendor "Abb" for product "Aspect-ent-96 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Aspect-ent-96 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Aspect-ent-96 Search vendor "Abb" for product "Aspect-ent-96"	-	-	Safe
Abb Search vendor "Abb"	Nexus-2128 Firmware Search vendor "Abb" for product "Nexus-2128 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-2128 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-2128 Search vendor "Abb" for product "Nexus-2128"	-	-	Safe
Abb Search vendor "Abb"	Nexus-2128-a Firmware Search vendor "Abb" for product "Nexus-2128-a Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-2128-a Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-2128-a Search vendor "Abb" for product "Nexus-2128-a"	-	-	Safe
Abb Search vendor "Abb"	Nexus-2128-f Firmware Search vendor "Abb" for product "Nexus-2128-f Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-2128-f Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-2128-f Search vendor "Abb" for product "Nexus-2128-f"	-	-	Safe
Abb Search vendor "Abb"	Nexus-2128-g Firmware Search vendor "Abb" for product "Nexus-2128-g Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-2128-g Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-2128-g Search vendor "Abb" for product "Nexus-2128-g"	-	-	Safe
Abb Search vendor "Abb"	Nexus-264 Firmware Search vendor "Abb" for product "Nexus-264 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-264 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-264 Search vendor "Abb" for product "Nexus-264"	-	-	Safe
Abb Search vendor "Abb"	Nexus-264-a Firmware Search vendor "Abb" for product "Nexus-264-a Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-264-a Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-264-a Search vendor "Abb" for product "Nexus-264-a"	-	-	Safe
Abb Search vendor "Abb"	Nexus-264-f Firmware Search vendor "Abb" for product "Nexus-264-f Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-264-f Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-264-f Search vendor "Abb" for product "Nexus-264-f"	-	-	Safe
Abb Search vendor "Abb"	Nexus-264-g Firmware Search vendor "Abb" for product "Nexus-264-g Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-264-g Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-264-g Search vendor "Abb" for product "Nexus-264-g"	-	-	Safe
Abb Search vendor "Abb"	Nexus-3-2128 Firmware Search vendor "Abb" for product "Nexus-3-2128 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-3-2128 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-3-2128 Search vendor "Abb" for product "Nexus-3-2128"	-	-	Safe
Abb Search vendor "Abb"	Nexus-3-264 Firmware Search vendor "Abb" for product "Nexus-3-264 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Nexus-3-264 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Nexus-3-264 Search vendor "Abb" for product "Nexus-3-264"	-	-	Safe
Abb Search vendor "Abb"	Matrix-11 Firmware Search vendor "Abb" for product "Matrix-11 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Matrix-11 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Matrix-11 Search vendor "Abb" for product "Matrix-11"	-	-	Safe
Abb Search vendor "Abb"	Matrix-216 Firmware Search vendor "Abb" for product "Matrix-216 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Matrix-216 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Matrix-216 Search vendor "Abb" for product "Matrix-216"	-	-	Safe
Abb Search vendor "Abb"	Matrix-232 Firmware Search vendor "Abb" for product "Matrix-232 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Matrix-232 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Matrix-232 Search vendor "Abb" for product "Matrix-232"	-	-	Safe
Abb Search vendor "Abb"	Matrix-264 Firmware Search vendor "Abb" for product "Matrix-264 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Matrix-264 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Matrix-264 Search vendor "Abb" for product "Matrix-264"	-	-	Safe
Abb Search vendor "Abb"	Matrix-296 Firmware Search vendor "Abb" for product "Matrix-296 Firmware"	<= 3.08.01 Search vendor "Abb" for product "Matrix-296 Firmware" and version " <= 3.08.01"	-	Affected	in	Abb Search vendor "Abb"	Matrix-296 Search vendor "Abb" for product "Matrix-296"	-	-	Safe