CVE-2024-48839

🗓️ 05 Dec 2024 12:37:28Reported by ABBType

cve🔗 web.nvd.nist.gov👁 222 Views🌐 WEB

Improper input validation allows remote code execution in ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series v3.08.0

Reporter	Title	Published	Views	Family All 21
0day.today	ABB Cylon Aspect 3.08.02 uploadDb.php Remote Code Execution Vulnerability	9 Jan 202500:00	–	zdt
0day.today	ABB Cylon Aspect 3.08.02 bbmdUpdate.php Remote Code Execution Vulnerability	9 Jan 202500:00	–	zdt
BDU FSTEC	The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series lies in improper code generation, allowing attackers to execute arbitrary codes.	12 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-48839	5 Dec 202412:52	–	circl
CNNVD	ABB ASPECT 安全漏洞	5 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-48839 Remote Code Execution, RCE	5 Dec 202412:37	–	cvelist
Exploit DB	ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution	15 Apr 202500:00	–	exploitdb
Exploit DB	ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution	15 Apr 202500:00	–	exploitdb
EUVD	EUVD-2024-43198	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series	6 Dec 202411:49	–	ncsc

NVD

Node

abb aspect-ent-2_firmwareRange<3.08.03

AND

abb aspect-ent-2Match-

Node

abb aspect-ent-256_firmwareRange<3.08.03

AND

abb aspect-ent-256Match-

Node

abb aspect-ent-96_firmwareRange<3.08.03

AND

abb aspect-ent-96Match-

Node

abb nexus-2128_firmwareRange<3.08.03

AND

abb nexus-2128Match-

Node

abb nexus-2128-a_firmwareRange<3.08.03

AND

abb nexus-2128-aMatch-

Node

abb nexus-2128-f_firmwareRange<3.08.03

AND

abb nexus-2128-fMatch-

Node

abb nexus-2128-g_firmwareRange<3.08.03

AND

abb nexus-2128-gMatch-

Node

abb nexus-264_firmwareRange<3.08.03

AND

abb nexus-264Match-

Node

abb nexus-264-a_firmwareRange<3.08.03

AND

abb nexus-264-aMatch-

Node

abb nexus-264-g_firmwareRange<3.08.03

AND

abb nexus-264-gMatch-

Node

abb nexus-3-2128_firmwareRange<3.08.03

AND

abb nexus-3-2128Match-

Node

abb aspect-ent-12_firmwareRange<3.08.03

AND

abb aspect-ent-12Match-

Node

abb nexus-264-f_firmwareRange<3.08.03

AND

abb nexus-264-fMatch-

Node

abb nexus-3-264_firmwareRange<3.08.03

AND

abb nexus-3-264Match-

Node

abb matrix-11_firmwareRange<3.08.03

AND

abb matrix-11Match-

Node

abb matrix-216_firmwareRange<3.08.03

AND

abb matrix-216Match-

Node

abb matrix-232_firmwareRange<3.08.03

AND

abb matrix-232Match-

Node

abb matrix-264_firmwareRange<3.08.03

AND

abb matrix-264Match-

Node

abb matrix-296_firmwareRange<3.08.03

AND

abb matrix-296Match-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ASPECT-Enterprise",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NEXUS Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MATRIX Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

Parameter	Position	Path	Description	CWE
userfile	binary	uploadDb.php	Authenticated OS command injection via contents of the uploaded .db file passed to the copyFile.sh script (arbitrary commands executed on the server).	CWE-94

17 Jun 2026 07:58Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8 - 10

CVSS 49.3

EPSS0.02846

SSVC

CWE-94