CVE-2024-48839

Remote Code Execution, RCE

CVSS 9.3 CRITICALEPSS 2.8%CWE-94

In short

A flaw in how ABB ASPECT, NEXUS, and MATRIX systems validate user input allows attackers to execute arbitrary code remotely on vulnerable systems. This is a critical vulnerability that can give attackers complete control over affected devices.

Technical detail

CWE-94 improper input validation in ABB ASPECT Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 enables remote code execution. An attacker can send malicious input through network-accessible interfaces without authentication pre-conditions to achieve arbitrary code execution with system-level impact.

Summary generated and translated by AI from the official description.

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

Affected products

ABB · ASPECT-Enterprise ABB · MATRIX Series ABB · NEXUS Series

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/52217unverified exploitdbwww.exploit-db.com/exploits/52216unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch