Abb Aspect-ent-96_firmware
29 CVEs affecting Abb Aspect-ent-96_firmware. Latest disclosed: 2025-02-06. Critical: 16, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-51551 | Critical | 10.0 | 2024-12-05 | Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPE… |
CVE-2024-51550 | Critical | 10.0 | 2024-12-05 | Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: … |
CVE-2024-51549 | Critical | 10.0 | 2024-12-05 | Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXU… |
CVE-2024-51545 | Critical | 10.0 | 2024-12-05 | Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Ente… |
CVE-2024-48840 | Critical | 10.0 | 2024-12-05 | Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series… |
CVE-2024-48839 | Critical | 10.0 | 2024-12-05 | Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX S… |
CVE-2024-11317 | Critical | 10.0 | 2024-12-05 | Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. … |
CVE-2024-6298 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arb… |
CVE-2024-6209 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access file… |
CVE-2024-6784 | Critical | 9.9 | 2024-12-05 | Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affec… |
CVE-2024-51548 | Critical | 9.9 | 2024-12-05 | Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRI… |
CVE-2024-51547 | Critical | 9.8 | 2025-02-06 | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NE… |
CVE-2024-6515 | Critical | 9.6 | 2024-12-05 | Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails e… |
CVE-2024-48845 | Critical | 9.4 | 2024-12-05 | Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/appli… |
CVE-2024-51554 | Critical | 9.1 | 2024-12-05 | Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPE… |
CVE-2024-6516 | Critical | 9.0 | 2024-12-05 | Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB AS… |
CVE-2024-4007 | High | 8.8 | 2024-07-01 | Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. |
CVE-2024-51544 | High | 8.2 | 2024-12-05 | Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02… |
CVE-2024-51543 | High | 8.2 | 2024-12-05 | Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Se… |
CVE-2024-51542 | High | 8.2 | 2024-12-05 | Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Ser… |