CVE-2024-6298
Remote code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion. This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01.
ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.
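As an added illustration (not ABB's code and not the bigUpload.php logic itself), the following Python shows the two controls the description says were missing from the upload handler: the client-supplied file name is reduced to a bare name and confirmed to resolve inside the upload directory before any raw request body is written, and the write itself is create-only so an upload can never replace an existing file. UPLOAD_ROOT, the extension allowlist and the function names are assumptions made for this example.

```python
import os
import re

# Constructed upload root for the example (realpath() needs no existing dir).
UPLOAD_ROOT = "/opt/example/uploads"
# Assumed allowlist: data files only, never anything the web server executes.
ALLOWED_EXTENSIONS = frozenset({".csv", ".txt", ".bin"})
# Assumed name policy: bare file name, no separators, no leading dot; NUL and
# newline bytes fall outside the class, so fullmatch() rejects them too.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")
MAX_UPLOAD_BYTES = 10 * 1024 * 1024


def resolve_upload_target(upload_root: str, requested_name: str) -> str:
    """Map a client-supplied name to an absolute path guaranteed to sit inside
    upload_root, or raise ValueError (the containment check the advisory says
    the vulnerable handler lacked)."""
    # Treat backslashes as separators too, then insist there is no directory
    # component at all; this rejects "..", "../x" and "/etc/x" alike.
    base = os.path.basename(requested_name.replace("\\", "/"))
    if base != requested_name or not _NAME_RE.fullmatch(base):
        raise ValueError(f"rejected file name: {requested_name!r}")
    if os.path.splitext(base)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {base!r}")
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, base))
    # Defence in depth: re-check containment on the resolved path, which also
    # catches an existing symlink inside the root that points elsewhere.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes upload root")
    return target


def is_safe_upload_name(upload_root: str, requested_name: str) -> bool:
    """Boolean form for handlers that simply answer 400 on rejection."""
    try:
        resolve_upload_target(upload_root, requested_name)
    except ValueError:
        return False
    return True


def write_upload(upload_root: str, requested_name: str, body: bytes) -> str:
    """Store a raw request body (what php://input yields) at a validated path.
    Authentication and authorisation of the caller happen before this."""
    if len(body) > MAX_UPLOAD_BYTES:
        raise ValueError("upload too large")
    target = resolve_upload_target(upload_root, requested_name)
    # Create-only (O_EXCL): an upload can never overwrite an existing file.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return target
```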
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-05 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-06 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-253: Remote Code Inclusion
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | Relation | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Abb | Aspect-ent-12 Firmware | <= 3.08.01 | - | Affected | in | Abb | Aspect-ent-12 | - | - | Safe
Abb | Aspect-ent-2 Firmware | <= 3.08.01 | - | Affected | in | Abb | Aspect-ent-2 | - | - | Safe
Abb | Aspect-ent-256 Firmware | <= 3.08.01 | - | Affected | in | Abb | Aspect-ent-256 | - | - | Safe
Abb | Aspect-ent-96 Firmware | <= 3.08.01 | - | Affected | in | Abb | Aspect-ent-96 | - | - | Safe
Abb | Nexus-2128 Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-2128 | - | - | Safe
Abb | Nexus-2128-a Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-2128-a | - | - | Safe
Abb | Nexus-2128-f Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-2128-f | - | - | Safe
Abb | Nexus-2128-g Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-2128-g | - | - | Safe
Abb | Nexus-264 Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-264 | - | - | Safe
Abb | Nexus-264-a Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-264-a | - | - | Safe
Abb | Nexus-264-f Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-264-f | - | - | Safe
Abb | Nexus-264-g Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-264-g | - | - | Safe
Abb | Nexus-3-2128 Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-3-2128 | - | - | Safe
Abb | Nexus-3-264 Firmware | <= 3.08.01 | - | Affected | in | Abb | Nexus-3-264 | - | - | Safe
Abb | Matrix-11 Firmware | <= 3.08.01 | - | Affected | in | Abb | Matrix-11 | - | - | Safe
Abb | Matrix-216 Firmware | <= 3.08.01 | - | Affected | in | Abb | Matrix-216 | - | - | Safe
Abb | Matrix-232 Firmware | <= 3.08.01 | - | Affected | in | Abb | Matrix-232 | - | - | Safe
Abb | Matrix-264 Firmware | <= 3.08.01 | - | Affected | in | Abb | Matrix-264 | - | - | Safe
Abb | Matrix-296 Firmware | <= 3.08.01 | - | Affected | in | Abb | Matrix-296 | - | - | Safe