Access to Application Configuration Information
CVE-2024-51543

7.5HIGH

Key Information:

Vendor: Abb
Status: Aspect-enterprise; Nexus Series; Matrix Series
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-51543?

The identified vulnerability allows unauthorized access to sensitive application configuration information within the affected ABB products. This information disclosure can potentially be exploited by attackers, leading to unauthorized viewing of sensitive information stored within the applications. It is imperative for users of ABB ASPECT, NEXUS, and MATRIX series versions 3.08.02 to evaluate their security posture and apply the necessary mitigations as outlined by ABB to protect their systems.

Affected Version(s)

ASPECT-Enterprise Linux 0 <= 3.08.02

MATRIX Series Linux 0 <= 3.08.02

NEXUS Series Linux 0 <= 3.08.02

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Oct 29, 2024

Credit

ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure

Abb

What is CVE-2024-51543?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit