860 matches found
CVE-2024-13929
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13948 Insecure Permissions
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13948
CVE-2024-13948 describes an information-disclosure vulnerability in ABB ASPECT family tools (ASPECT-Enterprise, NEXUS Series, MATRIX Series) caused by Windows permissions not being fully secured for ASPECT configuration toolsets. The root cause is an incorrect default privilege flaw that can expo...
CVE-2024-13948 Insecure Permissions
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13947 External System or Configuration Control
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13947 External System or Configuration Control
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13947
ABB’s CVE-2024-13947 affects ASPECT-Enterprise (through 3.), NEXUS Series (through 3. ), and MATRIX Series (through 3.*). Root cause is an incorrect default privilege flaw that can allow an external source to modify device commissioning parameters if administrative credentials are compromised. Th...
CVE-2024-13946
CVE-2024-13946 involves DLLs not being digitally signed when loaded by ASPECT’s configuration toolset, creating a binary-planting risk during device commissioning for ABB ASPECT-Enterprise (up to 3.), NEXUS Series (up to 3. ), and MATRIX Series (up to 3.*). Connected sources describe DLL hijackin...
CVE-2024-13946 Binary Planting / LoadLibrary DLL's not Signed
DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13946 Binary Planting / LoadLibrary DLL's not Signed
DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13931 Authenticated Relative Path Traversal
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13931
CVE-2024-13931 describes a Relative Path Traversal in ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) up to version 3.08.03. The underlying issue allows an attacker who has compromised a session administrator’s credentials to access file resources. Affected products and v...
CVE-2024-13931 Authenticated Relative Path Traversal
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13930 Authenticated Unchecked Loop Condition
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13930
CVE-2024-13930 describes an unchecked loop condition in ABB ASPECT product line, enabling an attacker to cause resource exhaustion when session administrator credentials are compromised. Affected products/versions: ASPECT-Enterprise up to 3.08.03; NEXUS Series up to 3.08.03; MATRIX Series up to 3...
CVE-2024-13930 Authenticated Unchecked Loop Condition
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13929 Authenticated Servlet Command Injection
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13929 Authenticated Servlet Command Injection
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13929
The CVE-2024-13929 entry describes a servlet injection vulnerability in ABB ASPECT products that leads to remote code execution when session administrator credentials are compromised. Affected versions are ASPECT-Enterprise, NEXUS Series, and MATRIX Series up to 3.08.03. The issue stems from serv...
CVE-2024-13928 Authenticated SQL Injection
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...