CVE-2024-51550

🗓️ 05 Dec 2024 12:56:07Reported by ABBType

cve🔗 web.nvd.nist.gov👁 84 Views🌐 WEB

Data Validation vulnerabilities in Linux in Aspect devic

Reporter	Title	Published	Views	Family All 15
0day.today	ABB Cylon Aspect 3.08.02 bbmdUpdate.php Remote Code Execution Vulnerability	9 Jan 202500:00	–	zdt
BDU FSTEC	The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from improper validation of certain types of input data. This allows intruders to introduce incorrect input data into the system.	12 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-51550	5 Dec 202415:21	–	circl
CNNVD	ABB ASPECT 安全漏洞	5 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-51550 Data Validation / Sanitization	5 Dec 202412:56	–	cvelist
Exploit DB	ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution	15 Apr 202500:00	–	exploitdb
EUVD	EUVD-2024-45754	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series	6 Dec 202411:49	–	ncsc
NVD	CVE-2024-51550	5 Dec 202413:15	–	nvd
OSV	CVE-2024-51550	5 Dec 202413:15	–	osv

NVD

Node

abb aspect-ent-12_firmwareRange<3.08.03

AND

abb aspect-ent-12Match-

Node

abb aspect-ent-2Match-

AND

abb aspect-ent-2_firmwareRange<3.08.03

Node

abb aspect-ent-256Match-

AND

abb aspect-ent-256_firmwareRange<3.08.03

Node

abb aspect-ent-96Match-

AND

abb aspect-ent-96_firmwareRange<3.08.03

Node

abb nexus-2128Match-

AND

abb nexus-2128_firmwareRange<3.08.03

Node

abb nexus-2128-aMatch-

AND

abb nexus-2128-a_firmwareRange<3.08.03

Node

abb nexus-2128-fMatch-

AND

abb nexus-2128-f_firmwareRange<3.08.03

Node

abb nexus-2128-gMatch-

AND

abb nexus-2128-g_firmwareRange<3.08.03

Node

abb nexus-264Match-

AND

abb nexus-264_firmwareRange<3.08.03

Node

abb nexus-264-aMatch-

AND

abb nexus-264-a_firmwareRange<3.08.03

Node

abb nexus-264-fMatch-

AND

abb nexus-264-f_firmwareRange<3.08.03

Node

abb nexus-264-gMatch-

AND

abb nexus-264-g_firmwareRange<3.08.03

Node

abb nexus-3-2128Match-

AND

abb nexus-3-2128_firmwareRange<3.08.03

Node

abb nexus-3-264_firmwareRange<3.08.03

AND

abb nexus-3-264Match-

Node

abb matrix-11_firmwareRange<3.08.03

AND

abb matrix-11Match-

Node

abb matrix-216_firmwareRange<3.08.03

AND

abb matrix-216Match-

Node

abb matrix-232_firmwareRange<3.08.03

AND

abb matrix-232Match-

Node

abb matrix-264_firmwareRange<3.08.03

AND

abb matrix-264Match-

Node

abb matrix-296_firmwareRange<3.08.03

AND

abb matrix-296Match-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ASPECT-Enterprise",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NEXUS Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MATRIX Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

Parameter	Position	Path	Description	CWE
rowCount	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
ip1	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
port1	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
hexMask1	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
remove1	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
ip2	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
port2	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
hexMask2	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
NAT?	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287
NATip1	request body	bbmdUpdate.php	Authenticated blind command injection via POST parameters in bbmdUpdate.php allowing execution of arbitrary shell commands; also an off-by-one array access issue.	CWE-1287

17 Jun 2026 08:05Current

9.5High risk

Vulners AI Score9.5

CVSS 3.19.8 - 10

CVSS 49.3

EPSS0.01789

SSVC

CWE-1287