Missing Origin Validation Vulnerability in FLXEON by ABB
CVE-2024-48849
8.8HIGH
What is CVE-2024-48849?
A vulnerability exists in the FLXEON product due to inadequate session management, allowing unauthorized HTTPS requests through the WebSockets interface. This flaw impacts all versions of FLXEON up to and including 9.3.4, potentially exposing sensitive communication to unauthorized entities. Corrective measures are paramount to ensure secure session handling and protect user data.
Affected Version(s)
FLXEON 0
References
CVSS V4
Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure.