CVE-2024-11316

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02

Description: The issue allows a malicious user to bypass size limits or overload the product. It is related to unlimited resource allocation in the software of embedded network controllers for building management, which can be exploited by a remote attacker to cause a device reboot.

Recommendations: For ABB ASPECT - Enterprise version 3.08.02, consider disabling the functionality that allows file size checks until a patch is available. For NEXUS Series version 3.08.02, restrict access to the module that handles file size limits to minimize the risk of exploitation. For MATRIX Series version 3.08.02, avoid using the parameter that controls file size checks in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.