Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-48845Weak Password Requirements in Aspect-ent-256 Firmware

CWE-521Weak Password Requirements4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
3.1%
top 13.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
22
ABB Aspect-ent-256 FirmwareABB Aspect-ent-2 FirmwareABB Aspect-ent-96 Firmware+19 more
Timeline
PublishedDec 5
Latest updateApr 15

Description

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

Affected Packages22 packages

CVEListV5abb/nexus_series3.07.02
CVEListV5abb/matrix_series3.07.02
CVEListV5abb/aspect-enterprise3.07.02
NVDabb/nexus-264_firmware< 3.08.03

🔴Vulnerability Details

2
CVEList
Weak Password Rules/Strength2024-12-05
GHSA
GHSA-8297-wvjg-5vxg: Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admi2024-12-05

💥Exploits & PoCs

1
Exploit-DB
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy2025-04-15
CVE-2024-48845 — Weak Password Requirements in ABB | cvebase