CVE-2024-48849
Authentication and Authorization Issues
In short
FLXEON fails to properly validate the origin of WebSocket connections, allowing attackers to make unauthorized HTTPS requests by exploiting weak session management. This could let someone perform actions on behalf of a legitimate user without their knowledge.
Technical detail
A missing Origin validation vulnerability in FLXEON's WebSocket implementation allows cross-site request forgery (CSRF) attacks. The insufficient session management mechanism fails to verify the legitimacy of connection origins, enabling an attacker to trigger unauthorized HTTPS requests in the context of an authenticated user's session. Affected versions: up to 9.3.4.
Summary generated and translated by AI from the official description.
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
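The defence the record calls for is an Origin check during the WebSocket handshake: the server compares the browser-supplied Origin header, exactly and after normalisation, against the origins its own web UI is served from and refuses the upgrade otherwise. The check below is an added illustration, not FLXEON's or ABB's code; the allowlist and the header dictionary (lowercase keys) are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the origins the product's own web UI is served from.
# Use exact origins (scheme + host + port), never substrings or regex prefixes.
ALLOWED_ORIGINS = [
    "https://flxeon.example.internal",
    "https://flxeon.example.internal:8443",
]


def normalize_origin(origin):
    """Return 'scheme://host[:port]' with a lowercase host and the scheme's
    default port dropped, or None if the value is not a well-formed origin
    (e.g. the literal 'null' or a value carrying a path/query)."""
    parts = urlsplit(origin.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


# Normalised once so comparisons are exact set membership.
ALLOWED_NORMALIZED = {normalize_origin(o) for o in ALLOWED_ORIGINS}


def handshake_allowed(headers, allowed=ALLOWED_NORMALIZED):
    """Decide whether a WebSocket upgrade request may proceed.

    `headers` is the request's header map with lowercase keys. Session
    cookies alone must not be trusted here: the browser attaches them to a
    cross-site handshake automatically, which is exactly the CSRF path the
    advisory describes."""
    if headers.get("upgrade", "").lower() != "websocket":
        return False
    origin = headers.get("origin")
    if origin is None:
        # Browsers always send Origin on a WebSocket handshake, so a missing
        # header means a non-browser client. Reject by default; allow only
        # for explicitly enrolled API clients, not for the web UI endpoint.
        return False
    normalized = normalize_origin(origin)
    # A rejected handshake is worth logging: repeated cross-origin upgrade
    # attempts against an authenticated session are a detection signal.
    return normalized is not None and normalized in allowed
```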
Affected products
ABB · FLXEON