CVE-2024-48841

Remote Code Execution (RCE) Vulnerabilities

CVSS 10 CRITICALEPSS 4.2%CWE-77

In short

A critical vulnerability in FLXEON 9.3.4 and older allows attackers to execute arbitrary code remotely with elevated privileges through network access. This could give attackers complete control over affected systems.

Technical detail

CWE-77 (Improper Neutralization of Special Elements used in a Command) enables remote code execution with elevated privileges via network access in FLXEON versions 9.3.4 and below. The vulnerability requires only network connectivity and allows unauthenticated attackers to achieve arbitrary code execution, resulting in full system compromise.

Summary generated and translated by AI from the official description.

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

ABB · FLXEON

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/52188unverified exploitdbwww.exploit-db.com/exploits/52186unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch