CVE-2024-13953 — Exposure of Private Personal Information to an Unauthorized Actor in Aspect-enterprise

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.3%

top 48.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.*

▶CVEListV5abb/matrix_series3.*

▶CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

CVEList

Sensitive Information disclosed in log files↗2025-05-22

▶

GHSA

GHSA-6g64-v8cr-g3f9: Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: thro↗2025-05-22

▶