CVE-2023-0635Use of Weak Credentials in LTD Aspect Enterprise

CWE-1391Use of Weak CredentialsCWE-269Improper Privilege Management3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.8
EPSS
0.2%
top 63.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
ABB LTD Aspect EnterpriseABB LTD Matrix SeriesABB LTD Nexus Series+19 more
Timeline
PublishedJun 5
Latest updateJul 6

Description

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages22 packages

CVEListV5abb_ltd/nexus_series3.0;03.07.01
CVEListV5abb_ltd/matrix_series3.0;03.07.01
NVDabb/matrix-11_firmware3.0.03.07.01
NVDabb/nexus-264_firmware3.0.03.07.01
NVDabb/matrix-216_firmware3.0.03.07.01

🔴Vulnerability Details

2
GHSA
GHSA-rhfh-gm98-5fx4: Improper Privilege Management vulnerability in ABB Ltd2023-07-06
CVEList
Privilege escalation to root2023-06-05
CVE-2023-0635 — Use of Weak Credentials | cvebase