CVE-2024-13928

CWE-94 — Code Injection3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 55.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.08.03

▶CVEListV5abb/matrix_series3.08.03

▶CVEListV5abb/aspect-enterprise3.08.03

🔴Vulnerability Details

CVEList

Authenticated SQL Injection↗2025-05-22

▶

GHSA

GHSA-cq8v-wvwh-vcpg: SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become↗2025-05-22

▶