Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-4007 — Use of Default Credentials in Aspect-ent-12 Firmware

CWE-1392 — Use of Default Credentials4 documents4 sources

Severity

8.7HIGHNVD

EPSS

9.5%

top 7.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

ABB Aspect-ent-12 Firmware ABB Aspect-ent-256 Firmware ABB Aspect-ent-2 Firmware +12 more

Timeline

PublishedJul 1

Latest updateApr 3

Description

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

Affected Packages15 packages

▶CVEListV5abb/matrix_series3.07

▶NVDabb/matrix-11_firmware< 3.07.02

▶NVDabb/nexus-264_firmware< 3.07.02

▶NVDabb/matrix-216_firmware< 3.07.02

▶NVDabb/matrix-232_firmware< 3.07.02

🔴Vulnerability Details

CVEList

Hard coded default credential contained in install package↗2024-07-01

▶

GHSA

GHSA-cf63-g2wm-56wp: Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3↗2024-07-01

▶

💥Exploits & PoCs

Exploit-DB

ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials↗2025-04-03

▶