PT-2024-6689 · Abb · Matrix Series+2

Published: 2024-04-21 · Updated: 2025-08-18 · CVE-2024-6209

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise versions 3.08.01; ABB NEXUS Series versions 3.08.01; ABB MATRIX Series versions 3.08.01
Description: An unauthorized file access issue exists in the web server of ABB ASPECT - Enterprise, NEXUS Series, and MATRIX Series, allowing an attacker to access unauthorized files. The vulnerability is related to the use of files and directories accessible to external parties. Exploitation may allow a remote attacker to gain unauthorized access to the device and delete arbitrary files. The vulnerability is a pre-authentication directory traversal and file deletion issue, rather than a file read issue. A pre-authentication remote code execution (RCE) vulnerability also exists in the same file.
Recommendations:
ABB ASPECT - Enterprise version 3.08.01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ABB NEXUS Series version 3.08.01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ABB MATRIX Series version 3.08.01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

BDU:2024-07896
CVE-2024-6209

Affected Products

Abb Aspect
Matrix Series
Nexus Series