CyberAlerts

CVE-2024-51555

Description: Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51554

off-by-one-error

Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51551

Default Credentials

Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51550

Data Validation / Sanitization

Description: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51549

Absolute Path Traversal

Description: Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51548

Dangerous File Upload

Description: Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51546

Credentails Disclosure

Description: Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51545

Username Enumeration

Description: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51544

Service Control

Description: Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-51543

Information Disclosure

Description: Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-51555	Force Change of Default Credentials Description: Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51554	off-by-one-error Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51551	Default Credentials Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51550	Data Validation / Sanitization Description: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51549	Absolute Path Traversal Description: Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51548	Dangerous File Upload Description: Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51546	Credentails Disclosure Description: Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51545	Username Enumeration Description: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51544	Service Control Description: Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.2) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-51543	Information Disclosure Description: Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)