PT-2025-22533 · Unknown · Matrix Series+2

Published: 2025-05-22 · Updated: 2025-05-28 · CVE-2024-13946

CVSS v3.1: 6.8 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

ASPECT-Enterprise versions through 3.*
NEXUS Series versions through 3.*
MATRIX Series versions through 3.*

Description

The issue is that DLLs loaded by ASPECT's configuration toolset are not digitally signed. This exposes the application to binary planting during device commissioning.

Recommendations

For ASPECT-Enterprise versions through 3.*, consider implementing digital signatures for DLLs to prevent binary planting.

For NEXUS Series versions through 3.*, restrict access to the configuration toolset during device commissioning to minimize the risk of exploitation.

For MATRIX Series versions through 3.*, avoid using the configuration toolset until a fix that includes digital signatures for DLLs is available.

As a temporary workaround, consider disabling the loading of unsigned DLLs in the configuration toolset until a patch is available.
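
One way to check an engineering workstation for the condition described above, as an added example that is not part of the original advisory or the vendor's tooling: it lists DLLs under the toolset directory that lack a valid Authenticode signature and the non-administrative principals that can create files there. The install path is a placeholder assumption, and the function names are hypothetical.

```powershell
# Added example: audit a configuration-toolset directory for unsigned DLLs
# and for ACL entries that let non-administrative principals plant files.
# ASSUMPTION: $ToolsetPath is a placeholder; set it to the real install path.
param([string]$ToolsetPath = 'C:\PLACEHOLDER\ConfigToolset')

function Get-DllSignatureReport {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.dll' |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Get-WritablePrincipal {
    param([Parameter(Mandatory)][string]$Path)
    # Rights that allow dropping a new file or subfolder into the directory.
    $createMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
    # Well-known SIDs expected to have write access:
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $expected = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $createMask) -and
            $expected -notcontains $_.IdentityReference.Value
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# DLLs that would load without a trustworthy signature.
Get-DllSignatureReport -Path $ToolsetPath |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table -AutoSize

# Principals other than the expected ones that can write into the directory.
Get-WritablePrincipal -Path $ToolsetPath | Format-Table -AutoSize
```

Recording the SHA256 values while the installation is known to be good gives a baseline to compare against before each commissioning session.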

Uncontrolled Search Path Element
Weakness Enumeration

Related Identifiers

CVE-2024-13946

Affected Products

Aspect-Enterprise
Matrix Series
Nexus Series