CVE-2024-51544

Service Control

CVSS 8.8 HIGHEPSS 13.5%CWE-15

In short

A vulnerability in ABB service management software allows unauthorized users to restart services and change virtual machine settings, potentially disrupting operations or gaining control over critical infrastructure.

Technical detail

Service Control CWE-15 vulnerability enables improper access to service restart and VM configuration endpoints in ABB ASPECT, NEXUS, and MATRIX v3.08.02. Exploitation requires network access to affected components; successful exploitation allows arbitrary service manipulation and system reconfiguration with high integrity and availability impact.

Summary generated and translated by AI from the official description.

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L

Affected products

ABB · ASPECT-Enterprise ABB · MATRIX Series ABB · NEXUS Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch