PT-2024-9241 · Abb · Matrix Series+2

Published: 2024-12-05 · Updated: 2024-12-09 · CVE-2024-51549

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02, NEXUS Series version 3.08.02, MATRIX Series version 3.08.02
Description: The issue is related to an absolute file traversal vulnerability, which allows access and modification of unintended resources. This is due to incorrect restriction of directory path names in the software of embedded network controllers for building management. Exploitation of this issue can allow a remote attacker to gain unauthorized access to resources and modify them.
Recommendations: For ABB ASPECT - Enterprise version 3.08.02, consider restricting access to sensitive resources until a patch is available. For NEXUS Series version 3.08.02, avoid using vulnerable functions that allow file traversal until the issue is resolved. For MATRIX Series version 3.08.02, limit the modification of resources to authorized personnel only as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2024-10929
CVE-2024-51549

Affected Products

Abb Aspect
Matrix Series
Nexus Series