Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-48841

CWE-77Command InjectionCWE-985 documents4 sources
Severity
10.0CRITICAL
EPSS
4.2%
top 11.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
ABB Flxeon
Timeline
PublishedJan 27
Latest updateApr 11

Description

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

CVEListV5abb/flxeon9.3.4

🔴Vulnerability Details

2
CVEList
Remote Code Execution (RCE) Vulnerabilities2025-01-27
GHSA
GHSA-v9p4-62pm-466x: Network access can be used to execute arbitrary code with elevated privileges2025-01-27

💥Exploits & PoCs

2
Exploit-DB
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)2025-04-11
Exploit-DB
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)2025-04-11
CVE-2024-48841 (CRITICAL CVSS 10) | Network access can be used to execu | cvebase.io