CVE-2024-51550
Data Validation / Sanitization
In short
A vulnerability in ABB ASPECT and related systems allows attackers to inject malicious data into Aspect devices because the system doesn't properly check or clean incoming data. This can lead to unauthorized control or damage to industrial equipment.
Technical detail
A CWE-1287 data validation/sanitization flaw enables injection attacks against ABB ASPECT Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02. Unvalidated input is processed directly on Aspect devices without sanitization, allowing attackers to inject arbitrary data, with potential remote execution or system compromise depending on downstream processing.
Summary generated and translated by AI from the official description.
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/52217 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.