PT-2024-9193 · Abb · Matrix Series+2
Published
2024-12-05
·
Updated
2024-12-05
·
CVE-2024-6516
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red |
Name of the Vulnerable Software and Affected Versions:
ABB ASPECT - Enterprise version 3.08.02
NEXUS Series version 3.08.02
MATRIX Series version 3.08.02
Description:
Cross Site Scripting vulnerabilities were found, providing a potential for malicious scripts to be injected into a client browser. The vulnerability is related to the lack of protection of the web page structure, which may allow a remote attacker to conduct a cross-site scripting (XSS) attack.
Recommendations:
For ABB ASPECT - Enterprise version 3.08.02, consider disabling access to vulnerable web pages until a patch is available.
For NEXUS Series version 3.08.02, restrict access to the web interface to minimize the risk of exploitation.
For MATRIX Series version 3.08.02, avoid using the web interface for sensitive operations until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abb Aspect
Matrix Series
Nexus Series