CVE-2024-51544

🗓️ 05 Dec 2024 12:48:32Reported by ABBType

cve🔗 web.nvd.nist.gov👁 70 Views🌐 WEB

Service Control vulnerabilities in ABB ASPECT - Enterprise, NEXUS Series, MATRIX Series v3.08.0

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-51544	5 Dec 202413:22	–	circl
CNNVD	ABB ASPECT 安全漏洞	5 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-51544 Service Control	5 Dec 202412:48	–	cvelist
EUVD	EUVD-2024-45749	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series	6 Dec 202411:49	–	ncsc
NVD	CVE-2024-51544	5 Dec 202413:15	–	nvd
RedhatCVE	CVE-2024-51544	5 Feb 202503:25	–	redhatcve
Vulnrichment	CVE-2024-51544 Service Control	5 Dec 202412:48	–	vulnrichment
Zero Science Lab	ABB Cylon Aspect 3.08.02 (aspectMemory.php) Arbitrary Heap Memory Configuration	13 Dec 202400:00	–	zeroscience

NVD

Node

abb aspect-ent-12_firmwareRange<3.08.03

AND

abb aspect-ent-12Match-

Node

abb aspect-ent-2Match-

AND

abb aspect-ent-2_firmwareRange<3.08.03

Node

abb aspect-ent-256Match-

AND

abb aspect-ent-256_firmwareRange<3.08.03

Node

abb aspect-ent-96Match-

AND

abb aspect-ent-96_firmwareRange<3.08.03

Node

abb nexus-2128Match-

AND

abb nexus-2128_firmwareRange<3.08.03

Node

abb nexus-2128-aMatch-

AND

abb nexus-2128-a_firmwareRange<3.08.03

Node

abb nexus-2128-fMatch-

AND

abb nexus-2128-f_firmwareRange<3.08.03

Node

abb nexus-2128-gMatch-

AND

abb nexus-2128-g_firmwareRange<3.08.03

Node

abb nexus-264Match-

AND

abb nexus-264_firmwareRange<3.08.03

Node

abb nexus-264-aMatch-

AND

abb nexus-264-a_firmwareRange<3.08.03

Node

abb nexus-264-fMatch-

AND

abb nexus-264-f_firmwareRange<3.08.03

Node

abb nexus-264-gMatch-

AND

abb nexus-264-g_firmwareRange<3.08.03

Node

abb nexus-3-2128Match-

AND

abb nexus-3-2128_firmwareRange<3.08.03

Node

abb nexus-3-264_firmwareRange<3.08.03

AND

abb nexus-3-264Match-

Node

abb matrix-11_firmwareRange<3.08.03

AND

abb matrix-11Match-

Node

abb matrix-216_firmwareRange<3.08.03

AND

abb matrix-216Match-

Node

abb matrix-232_firmwareRange<3.08.03

AND

abb matrix-232Match-

Node

abb matrix-264_firmwareRange<3.08.03

AND

abb matrix-264Match-

Node

abb matrix-296_firmwareRange<3.08.03

AND

abb matrix-296Match-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ASPECT-Enterprise",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NEXUS Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MATRIX Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

Parameter	Position	Path	Description	CWE
HEAPMIN	request body	/aspectMemory.php	Authenticated vulnerability allowing arbitrary Java heap memory parameters to be set via aspectMemory.php, written to /usr/local/aam/etc/javamem, enabling DoS/crashes.	CWE-15
HEAPMAX	request body	/aspectMemory.php	Authenticated vulnerability allowing arbitrary Java heap memory parameters to be set via aspectMemory.php, written to /usr/local/aam/etc/javamem, enabling DoS/crashes.	CWE-15
ACTION	request body	/aspectMemory.php	Authenticated vulnerability allowing arbitrary Java heap memory parameters to be set via aspectMemory.php, written to /usr/local/aam/etc/javamem, enabling DoS/crashes.	CWE-15

10 Apr 2025 19:42Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.2

CVSS 48.8

EPSS0.0473

SSVC

CWE-15