PT-2024-9181 · Abb · Matrix Series+2

Published

2024-12-05

Updated

2024-12-05

CVE-2024-51546

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02

Description: The issue is related to a credentials disclosure vulnerability that allows access to on-board project back-up bundles. It is associated with improper input validation, which can be exploited by a remote attacker to gain access to a project's backup copy.

Recommendations: For ABB ASPECT - Enterprise version 3.08.02, update to a version that fixes the credentials disclosure vulnerability. For NEXUS Series version 3.08.02, update to a version that fixes the credentials disclosure vulnerability. For MATRIX Series version 3.08.02, update to a version that fixes the credentials disclosure vulnerability.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1287CWE-522

Related Identifiers

BDU:2024-10868

CVE-2024-51546

Affected Products

Abb Aspect

Matrix Series

Nexus Series

PT-2024-9181 · Abb · Matrix Series+2

CVE-2024-51546

Weakness Enumeration

Related Identifiers

Affected Products

References · 10