PT-2024-9199 · Abb · Matrix Series

Published: 2024-12-05 · Updated: 2024-12-05 · CVE-2024-48847

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.01, NEXUS Series version 3.08.01, MATRIX Series version 3.08.01
Description: The issue stems from a weakness in the way an application dependency calculates or validates MD5 checksum hashes, which allows the MD5 checksum check to be bypassed. A remote attacker can exploit this weakness to impact data integrity. The vulnerability is associated with the use of a reversible one-way hash function.
Recommendations: For ABB ASPECT - Enterprise version 3.08.01, consider disabling the MD5 checksum validation until a patch is available. For NEXUS Series version 3.08.01, restrict access to the application dependency that calculates or validates MD5 checksum hashes to minimize the risk of exploitation. For MATRIX Series version 3.08.01, avoid using the MD5 checksum hash function in the affected application dependency until the issue is resolved. As a temporary workaround, consider implementing additional integrity checks to mitigate the risk of data tampering.

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

BDU:2024-10886
CVE-2024-48847

Affected Products

Abb Aspect
Matrix Series
Nexus Series