MD5 bypass operation
CVE-2024-48847
9.1CRITICAL
What is CVE-2024-48847?
A significant vulnerability has been identified in ABB software that allows attackers to exploit weaknesses in the MD5 checksum validation process. This flaw can potentially enable unauthorized access or manipulation of critical application functionalities. Affected products, including ABB ASPECT - Enterprise v3.08.01 as well as NEXUS and MATRIX Series v3.08.01, may face severe security risks due to inadequate validation mechanisms inherent in their design. Addressing this vulnerability is essential to maintain the integrity and security of systems utilizing these products.
Affected Version(s)
ASPECT-Enterprise Linux 0 <= 3.08.01
MATRIX Series Linux 0 <= 3.08.01
NEXUS Series Linux 0 <= 3.08.01
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure