CyberAlerts

CVE-2024-6298

Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CVSS: CRITICAL (9.4)

EPSS Score: 0.09%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-6209

unauthorized file access

Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

CVSS: CRITICAL (9.4)

EPSS Score: 0.09%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-54130

Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public)

Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s.

CVSS: CRITICAL (9.2)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-54129

Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7

Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s.

CVSS: CRITICAL (9.2)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-51555

Force Change of Default Credentials

Description: Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-51551

Default Credentials

Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-51550

Data Validation / Sanitization

Description: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-51549

Absolute Path Traversal

Description: Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-51545

Username Enumeration

Description: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

CVE-2024-48845

Weak Password Rules/Strength

Description: Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-6298	remote code execution Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely CVSS: CRITICAL (9.4) EPSS Score: 0.09% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-6209	unauthorized file access Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized CVSS: CRITICAL (9.4) EPSS Score: 0.09% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-54130	Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public) Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s. CVSS: CRITICAL (9.2) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-54129	Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7 Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s. CVSS: CRITICAL (9.2) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-51555	Force Change of Default Credentials Description: Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-51551	Default Credentials Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-51550	Data Validation / Sanitization Description: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-51549	Absolute Path Traversal Description: Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-51545	Username Enumeration Description: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)
CVE-2024-48845	Weak Password Rules/Strength Description: Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (4 months ago)