CVE-2024-13948

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 80.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ABB Aspect-enterpriseABB Matrix SeriesABB Nexus Series
Timeline
PublishedMay 22

Description

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Affected Packages3 packages

CVEListV5abb/nexus_series3.*
CVEListV5abb/matrix_series3.*
CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

2
CVEList
Insecure Permissions2025-05-22
GHSA
GHSA-3h6w-hjgc-hx7q: Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-E2025-05-22
CVE-2024-13948 (MEDIUM CVSS 6.9) | Windows permissions for ASPECT conf | cvebase.io