Lucene search

ABBCVE-2024-6209

HistoryJul 05, 2024 - 11:15 a.m.

CVE-2024-6209

2024-07-0511:15:10

CWE-552

ABB

web.nvd.nist.gov

cve-2024-6209

web server

abb aspect - enterprise

nexus series

matrix series

unauthorized file access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

9.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:I/V:C/RE:H

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

37.3%

JSON

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series

v <=3.08.01

; MATRIX Series

v<=3.08.01 allows Attacker to access files unauthorized

Affected configurations

Nvd

Node

abbaspect-ent-12_firmwareRange≤3.08.01

AND

abbaspect-ent-12Match-

Node

abbaspect-ent-2_firmwareRange≤3.08.01

AND

abbaspect-ent-2Match-

Node

abbaspect-ent-256_firmwareRange≤3.08.01

AND

abbaspect-ent-256Match-

Node

abbaspect-ent-96_firmwareRange≤3.08.01

AND

abbaspect-ent-96Match-

Node

abbnexus-2128_firmwareRange≤3.08.01

AND

abbnexus-2128Match-

Node

abbnexus-2128-a_firmwareRange≤3.08.01

AND

abbnexus-2128-aMatch-

Node

abbnexus-2128-f_firmwareRange≤3.08.01

AND

abbnexus-2128-fMatch-

Node

abbnexus-2128-g_firmwareRange≤3.08.01

AND

abbnexus-2128-gMatch-

Node

abbnexus-264_firmwareRange≤3.08.01

AND

abbnexus-264Match-

Node

abbnexus-264-a_firmwareRange≤3.08.01

AND

abbnexus-264-aMatch-

Node

abbnexus-264-f_firmwareRange≤3.08.01

AND

abbnexus-264-fMatch-

Node

abbnexus-264-g_firmwareRange≤3.08.01

AND

abbnexus-264-gMatch-

Node

abbnexus-3-2128_firmwareRange≤3.08.01

AND

abbnexus-3-2128Match-

Node

abbnexus-3-264_firmwareRange≤3.08.01

AND

abbnexus-3-264Match-

Node

abbmatrix-11_firmwareRange≤3.08.01

AND

abbmatrix-11Match-

Node

abbmatrix-216_firmwareRange≤3.08.01

AND

abbmatrix-216Match-

Node

abbmatrix-232_firmwareRange≤3.08.01

AND

abbmatrix-232Match-

Node

abbmatrix-264_firmwareRange≤3.08.01

AND

abbmatrix-264Match-

Node

abbmatrix-296_firmwareRange≤3.08.01

AND

abbmatrix-296Match-

VendorProductVersionCPE
abbaspect-ent-12_firmware*cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-12-cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*
abbaspect-ent-2_firmware*cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-2-cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*
abbaspect-ent-256_firmware*cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-256-cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*
abbaspect-ent-96_firmware*cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-96-cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*
abbnexus-2128_firmware*cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*
abbnexus-2128-cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	aspect-ent-12_firmware	*	cpe:2.3:o:abb:aspect-ent-12_firmware::::::::
abb	aspect-ent-12	-	cpe:2.3:h:abb:aspect-ent-12:-:::::::*
abb	aspect-ent-2_firmware	*	cpe:2.3:o:abb:aspect-ent-2_firmware::::::::
abb	aspect-ent-2	-	cpe:2.3:h:abb:aspect-ent-2:-:::::::*
abb	aspect-ent-256_firmware	*	cpe:2.3:o:abb:aspect-ent-256_firmware::::::::
abb	aspect-ent-256	-	cpe:2.3:h:abb:aspect-ent-256:-:::::::*
abb	aspect-ent-96_firmware	*	cpe:2.3:o:abb:aspect-ent-96_firmware::::::::
abb	aspect-ent-96	-	cpe:2.3:h:abb:aspect-ent-96:-:::::::*
abb	nexus-2128_firmware	*	cpe:2.3:o:abb:nexus-2128_firmware::::::::
abb	nexus-2128	-	cpe:2.3:h:abb:nexus-2128:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ASPECT-Enterprise",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NEXUS Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MATRIX Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

9.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:I/V:C/RE:H

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

37.3%

JSON

Related for CVE-2024-6209