PT-2025-32562 · Abb · Abb Aspect
Published 2025-08-11 · Updated 2025-09-08 · CVE-2025-53187
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ABB ASPECT versions prior to 3.08.04-s01
Description
A configuration issue in the ASPECT firmware caused debugging code to be included in the market release, allowing an attacker to bypass authentication. This may allow an attacker to change the system time, access files, and make function calls without prior authentication. The vulnerability is due to improper control of generation of code ('Code Injection'), which allows remote code execution (RCE) without prior authentication.
Recommendations
Update ASPECT to version 3.08.04-s01 or later.
Fix
RCE
Authentication Bypass Using an Alternate Path or Channel
Code Injection
Related Identifiers
Affected Products
Abb Aspect