CVE-2024-13947

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.1HIGH

EPSS

0.3%

top 47.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.*

▶CVEListV5abb/matrix_series3.*

▶CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

GHSA

GHSA-g7cj-ccj4-m3wq: Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASP↗2025-05-22

▶

CVEList

External System or Configuration Control↗2025-05-22

▶