PT-2024-9197 · Abb · Abb Matrix Series+2
Published
2024-12-05
·
Updated
2024-12-05
·
CVE-2024-51542
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions:
ABB ASPECT Enterprise version 3.08.02
ABB NEXUS Series version 3.08.02
ABB MATRIX Series version 3.08.02
Description:
The issue is related to the use of files and directories that are accessible to external parties, potentially allowing a remote attacker to gain access to protected information. It is associated with configuration download vulnerabilities, which can provide access to dependency configuration information.
Recommendations:
For ABB ASPECT Enterprise version 3.08.02, update to a version that addresses the configuration download vulnerabilities.
For ABB NEXUS Series version 3.08.02, update to a version that addresses the configuration download vulnerabilities.
For ABB MATRIX Series version 3.08.02, update to a version that addresses the configuration download vulnerabilities.
As a temporary workaround, consider restricting access to configuration information until a patch is available.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abb Aspect Enterprise
Abb Matrix Series
Abb Nexus Series