Improper Input Validation vulnerability exposes ABB ASPECT to Remote Code Execution
CVE-2024-48839

10CRITICAL

Key Information:

Vendor: Abb
Status: Aspect-enterprise; Nexus Series; Matrix Series
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-48839?

A vulnerability present in multiple ABB products, including ASPECT - Enterprise, NEXUS Series, and MATRIX Series, stems from an improper input validation issue. This security flaw permits remote code execution, thereby potentially allowing an unauthorized attacker to execute arbitrary commands on the affected systems. As a result, this vulnerability raises significant concerns regarding the integrity and confidentiality of data handled by these products. Users and administrators should prioritize applying available patches and updates to mitigate risks associated with this issue.

Affected Version(s)

ASPECT-Enterprise Linux 0 <= 3.08.02

MATRIX Series Linux 0 <= 3.08.02

NEXUS Series Linux 0 <= 3.08.02

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure

Abb

What is CVE-2024-48839?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit