The vulnerability in the databasefiledelete.php script of the ASPECT Enterprise, NEXUS Series, MATRIX Series embedded network controller software web server allows a perpetrator to gain unauthorized access to the device and delete arbitrary files.

Flaw in databasefiledelete.php allows file deletion on ASPECT Enterprise NEXUS and MATRIX devices.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-6209	5 Jul 202414:10	–	circl
CNNVD	ABB ASPECT Security Vulnerability	5 Jul 202400:00	–	cnnvd
CVE	CVE-2024-6209	5 Jul 202411:10	–	cve
Cvelist	CVE-2024-6209 unauthorized file access	5 Jul 202411:10	–	cvelist
Exploit DB	ABB Cylon Aspect 3.08.01 - Arbitrary File Delete	2 Apr 202500:00	–	exploitdb
EUVD	EUVD-2024-47987	5 Jul 202411:10	–	euvd
NCSC	Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series	6 Dec 202411:49	–	ncsc
NVD	CVE-2024-6209	5 Jul 202411:15	–	nvd
OSV	CVE-2024-6209	5 Jul 202411:15	–	osv
Packet Storm	ABB Cylon Aspect 3.08.01 Arbitrary File Deletion	24 Sep 202400:00	–	packetstorm

Vulners

Node

abb aspect-ent-2Range≤3.08.01

abb nexus-2128Range≤3.08.01

abb nexus-2128-aRange≤3.08.01

abb nexus-2128-fRange≤3.08.01

abb nexus-2128-gRange≤3.08.01

abb nexus-264Range≤3.08.01

abb nexus-264-aRange≤3.08.01

abb nexus-264-fRange≤3.08.01

abb nexus-264-gRange≤3.08.01

abb nexus-3-2128Range≤3.08.01

abb nexus-3-264Range≤3.08.01

abb matrix-11Range≤3.08.01

abb matrix-216Range≤3.08.01

abb matrix-232Range≤3.08.01

abb matrix-264Range≤3.08.01

abb matrix-296Range≤3.08.01

Source	Link
search	www.search.abb.com/library/Download.aspx
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2024-6209
sploitus	www.sploitus.com/exploit
web	www.web.nvd.nist.gov/view/vuln/detail

09 Oct 2024 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 28.3

CVSS 39.6

EPSS0.42845