CVE-2024-13952

CWE-94 — Code Injection3 documents3 sources

Severity

8.7HIGH

EPSS

0.2%

top 54.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.*

▶CVEListV5abb/matrix_series3.*

▶CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

CVEList

Remote Code Execution↗2025-05-22

▶

GHSA

GHSA-77wx-cf44-5rxx: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromise↗2025-05-22

▶