860 matches found

RedhatCVE
• added 2025/05/24 6:13 p.m. • 13 views

CVE-2024-9639

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 8, AI score 7.8, EPSS 0.00548
Exploits 0, References 1

RedhatCVE
• added 2025/05/24 5:18 p.m. • 11 views

CVE-2024-48850

Absolute File Traversal vulnerabilities in ASPECT allow access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 7.5, AI score 7.2, EPSS 0.00391
Exploits 0

RedhatCVE
• added 2025/05/24 5:18 p.m. • 10 views

CVE-2024-48853

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 9.5, AI score 7.2, EPSS 0.00337
Exploits 0

NVD
• added 2025/05/23 10:15 a.m. • 15 views

CVE-2024-13945

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 8.4, EPSS 0.00352
Exploits 0, References 1

Cvelist
• added 2025/05/23 9:18 a.m. • 15 views

CVE-2024-13945 Stored Absolute Path Traversal

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 8.4, EPSS 0.00352
Exploits 0, References 1

CVE
• added 2025/05/23 9:18 a.m. • 48 views

CVE-2024-13945

CVE-2024-13945 describes a Stored Absolute Path Traversal affecting ABB products: ASPECT-Enterprise, NEXUS Series, and MATRIX Series (through version 3.*). Root cause is a path traversal flaw in the ASPECT component that can lead to sensitive data exposure when administrator credentials are compr...

CVSS 8.4, AI score 6.1, EPSS 0.00352
Exploits 0, References 1

Vulnrichment
• added 2025/05/23 9:18 a.m. • 3 views

CVE-2024-13945 Stored Absolute Path Traversal

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 8.4, AI score 6.1, EPSS 0.00352
Exploits 0, References 1

NCSC
• added 2025/05/23 8:40 a.m. • 8 views

Vulnerabilities fixed in ABB ASPECT product line

ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...

CVSS 9.5, AI score 8.1, EPSS 0.00582
Exploits 0, References 1

Packet Storm
• added 2025/05/23 12:0 a.m. • 92 views

ABB Cylon Aspect Studio 3.08.03 CylonLicence.dll Binary Planting

A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious...

CVSS 7.1, AI score 7.2, EPSS 0.00977
Exploits 3

Packet Storm
• added 2025/05/23 12:0 a.m. • 77 views

ABB Cylon Aspect 3.08.03 logMixDownload.php Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependent on SELECTED=ALL case. Version...

AI score 8.3
Exploits 0

CNNVD
• added 2025/05/23 12:0 a.m. • 3 views

ABB Multiple Products Security Vulnerability

ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

CVSS 8.4, AI score 6.7, EPSS 0.00352
Exploits 0, References 1

Packet Storm
• added 2025/05/23 12:0 a.m. • 88 views

ABB Cylon Aspect 3.08.03 Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...

AI score 7.2
Exploits 0

Positive Technologies
• added 2025/05/23 12:0 a.m. • 3 views

PT-2025-22641 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue is related to Stored Absolute Path Traversal vulnerabilities in ASPECT, which could expose sensitive data if...

CVSS 8.4, AI score 6.2, EPSS 0.00352
Exploits 0, References 6

Packet Storm
• added 2025/05/23 12:0 a.m. • 90 views

ABB Cylon Aspect 3.08.03 login.php Obscure Authentication Bypass

The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite...

AI score 7.6
Exploits 0

NVD
• added 2025/05/22 7:15 p.m. • 9 views

CVE-2024-51552

Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.1, EPSS 0.00258
Exploits 0, References 1

NVD
• added 2025/05/22 7:15 p.m. • 10 views

CVE-2024-51553

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7, EPSS 0.00285
Exploits 0, References 1

NVD
• added 2025/05/22 7:15 p.m. • 11 views

CVE-2024-48848

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7, EPSS 0.00306
Exploits 0, References 1

NVD
• added 2025/05/22 7:15 p.m. • 6 views

CVE-2024-13958

Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 4.8, EPSS 0.00186
Exploits 0, References 1

NVD
• added 2025/05/22 7:15 p.m. • 6 views

CVE-2024-13957

SSRF (Server Side Request Forgery) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.6, EPSS 0.00241
Exploits 0, References 1

NVD
• added 2025/05/22 7:15 p.m. • 11 views

CVE-2024-13953

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 6.9, EPSS 0.00298
Exploits 0, References 1