14 matches found
ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Denial of Service Vulnerability
ABB Cylon Aspect version 3.08.02 has an off-by-one error in array access that could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than condition, allowing access to an out-of-bounds index. This can trigger errors or...
CVE-2024-6516
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-51548
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-51541
Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-48843
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
PT-2024-9335 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to improper input validation, allowing unvalidated and unsanitized data to be injected into an Aspect device...
PT-2024-9200 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: Cross Site Request Forgery vulnerabilities were found, providing a potential for exposing sensitive information or changing system...
PT-2024-9237 · Abb · Abb Aspect Enterprise
Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to insufficient validation of incoming requests, which can be exploited by a remote attacker to gain unauthoriz...
PT-2024-9336 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to improper input validation, which allows for remote code execution. This can be exploited by a remote...
PT-2024-9186 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to Denial of Service vulnerabilities, which could potentially cause device service disruptions. It is...
PT-2024-9204 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to incorrect code generation management in the firmware of embedded network controllers for building...
PT-2024-9241 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to an absolute file traversal vulnerability, which allows access and modification of unintended resources. Th...
ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated log...
ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...