CVE-2024-48840

Unauthorized Access

CVSS 9.3 CRITICALEPSS 2.1%CWE-94

In short

A critical flaw in ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series allows attackers to execute malicious code remotely without proper authorization. This means an attacker could take complete control of affected systems.

Technical detail

CWE-94 (Code Injection) vulnerability enabling unauthenticated remote code execution in ABB products (ASPECT Enterprise v3.08.02, NEXUS Series v3.08.02, MATRIX Series v3.08.02). The vulnerability permits attackers to inject and execute arbitrary code within the application context, potentially compromising system integrity and confidentiality. Immediate patching is required to mitigate critical risk.

Summary generated and translated by AI from the official description.

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

Affected products

ABB · ASPECT-Enterprise ABB · MATRIX Series ABB · NEXUS Series

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52251unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch