3660 matches found
CVE-2024-13929
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13948 Insecure Permissions
Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13947
ABB’s CVE-2024-13947 affects ASPECT-Enterprise (through 3.), NEXUS Series (through 3.), and MATRIX Series (through 3.*). Root cause is an incorrect default privilege flaw that can allow an external source to modify device commissioning parameters if administrative credentials are compromised. Th...
CVE-2024-13946 Binary Planting / LoadLibrary DLL's not Signed
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13946
CVE-2024-13946 involves DLLs not being digitally signed when loaded by ASPECT’s configuration toolset, creating a binary-planting risk during device commissioning for ABB ASPECT-Enterprise (up to 3.), NEXUS Series (up to 3.), and MATRIX Series (up to 3.*). Connected sources describe DLL hijackin...
CVE-2024-13931 Authenticated Relative Path Traversal
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13930
CVE-2024-13930 describes an unchecked loop condition in the ABB ASPECT product line, enabling an attacker to cause resource exhaustion when session administrator credentials are compromised. Affected products/versions: ASPECT-Enterprise up to 3.08.03; NEXUS Series up to 3.08.03; MATRIX Series up to 3...
CVE-2024-13929 Authenticated Servlet Command Injection
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13929
The CVE-2024-13929 entry describes a servlet injection vulnerability in ABB ASPECT products that leads to remote code execution when session administrator credentials are compromised. Affected versions are ASPECT-Enterprise, NEXUS Series, and MATRIX Series up to 3.08.03. The issue stems from serv...
CVE-2024-13928 Authenticated SQL Injection
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13928
CVE-2024-13928 describes SQL injection vulnerabilities in the ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) up to version 3.08.03. The flaw allows unintended access and manipulation of database repositories when session administrator credentials are compromised. Root cause ...
CVE-2025-30169 Admin Authorized File Upload and Execute PHP
File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2025-30169
CVE-2025-30169 affects the ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) up to version 3.08.03. The issue is a file upload and execute vulnerability enabling PHP script injection if session administrator credentials are compromised. Connected sources corroborate vulnerabili...
CVE-2025-30173 Admin Authorized File Upload
File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2025-30171
This CVE affects ABB ASPECT-Enterprise (through 3.08.03), ABB NEXUS Series (through 3.08.03), and ABB MATRIX Series (through 3.08.03). The vulnerability is a System File Deletion issue where, if session administrator credentials are compromised, an attacker can delete system files. CVSS metrics s...
CVE-2025-30170 Admin Authorized Exposure of file path, file size or file existence
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through...
CVE-2025-30170
CVE-2025-30170 is an information disclosure vulnerability in the ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) affecting versions up to 3.08.03. The issue arises from exposure of file path, file size, or file existence information, which can be accessed if a session adminis...