Lucene search

ABBCVE-2024-6298

HistoryJul 05, 2024 - 11:15 a.m.

CVE-2024-6298

2024-07-0511:15:10

CWE-20

ABB

web.nvd.nist.gov

cve-2024-6298

improper input validation

abb aspect-enterprise

abb nexus series

abb matrix series

linux

remote code inclusion

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:I/V:C/RE:H

AI Score

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01.

Affected configurations

Nvd

Node

abbaspect-ent-12_firmwareRange≤3.08.01

AND

abbaspect-ent-12Match-

Node

abbaspect-ent-2_firmwareRange≤3.08.01

AND

abbaspect-ent-2Match-

Node

abbaspect-ent-256_firmwareRange≤3.08.01

AND

abbaspect-ent-256Match-

Node

abbaspect-ent-96_firmwareRange≤3.08.01

AND

abbaspect-ent-96Match-

Node

abbnexus-2128_firmwareRange≤3.08.01

AND

abbnexus-2128Match-

Node

abbnexus-2128-a_firmwareRange≤3.08.01

AND

abbnexus-2128-aMatch-

Node

abbnexus-2128-f_firmwareRange≤3.08.01

AND

abbnexus-2128-fMatch-

Node

abbnexus-2128-g_firmwareRange≤3.08.01

AND

abbnexus-2128-gMatch-

Node

abbnexus-264_firmwareRange≤3.08.01

AND

abbnexus-264Match-

Node

abbnexus-264-a_firmwareRange≤3.08.01

AND

abbnexus-264-aMatch-

Node

abbnexus-264-f_firmwareRange≤3.08.01

AND

abbnexus-264-fMatch-

Node

abbnexus-264-g_firmwareRange≤3.08.01

AND

abbnexus-264-gMatch-

Node

abbnexus-3-2128_firmwareRange≤3.08.01

AND

abbnexus-3-2128Match-

Node

abbnexus-3-264_firmwareRange≤3.08.01

AND

abbnexus-3-264Match-

Node

abbmatrix-11_firmwareRange≤3.08.01

AND

abbmatrix-11Match-

Node

abbmatrix-216_firmwareRange≤3.08.01

AND

abbmatrix-216Match-

Node

abbmatrix-232_firmwareRange≤3.08.01

AND

abbmatrix-232Match-

Node

abbmatrix-264_firmwareRange≤3.08.01

AND

abbmatrix-264Match-

Node

abbmatrix-296_firmwareRange≤3.08.01

AND

abbmatrix-296Match-

VendorProductVersionCPE
abbaspect-ent-12_firmware*cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-12-cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*
abbaspect-ent-2_firmware*cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-2-cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*
abbaspect-ent-256_firmware*cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-256-cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*
abbaspect-ent-96_firmware*cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*
abbaspect-ent-96-cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*
abbnexus-2128_firmware*cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*
abbnexus-2128-cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	aspect-ent-12_firmware	*	cpe:2.3:o:abb:aspect-ent-12_firmware::::::::
abb	aspect-ent-12	-	cpe:2.3:h:abb:aspect-ent-12:-:::::::*
abb	aspect-ent-2_firmware	*	cpe:2.3:o:abb:aspect-ent-2_firmware::::::::
abb	aspect-ent-2	-	cpe:2.3:h:abb:aspect-ent-2:-:::::::*
abb	aspect-ent-256_firmware	*	cpe:2.3:o:abb:aspect-ent-256_firmware::::::::
abb	aspect-ent-256	-	cpe:2.3:h:abb:aspect-ent-256:-:::::::*
abb	aspect-ent-96_firmware	*	cpe:2.3:o:abb:aspect-ent-96_firmware::::::::
abb	aspect-ent-96	-	cpe:2.3:h:abb:aspect-ent-96:-:::::::*
abb	nexus-2128_firmware	*	cpe:2.3:o:abb:nexus-2128_firmware::::::::
abb	nexus-2128	-	cpe:2.3:h:abb:nexus-2128:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ASPECT-Enterprise",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NEXUS Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MATRIX Series",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.08.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:I/V:C/RE:H

AI Score

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Related for CVE-2024-6298