CVE-2024-48845
Weak Password Rules/Strength
In short
The affected ABB products allow weak passwords to be set during password reset, making it easier for attackers to gain unauthorized access to admin and application accounts.
Technical detail
A CWE-521 (Weak Password Requirements) vulnerability in ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series v3.07.02 permits weak passwords to be set during reset operations because password strength is not properly enforced, which enables brute-force or dictionary attacks against administrative and application interfaces.
Summary generated and translated by AI from the official description.
Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/52221 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.