Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-48849

CWE-1385, 4 documents, 4 sources
Severity: 8.8 HIGH
EPSS: 0.2% (top 64.02%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jan 29
Latest update: Apr 11

Description

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON versions through 9.3.4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: abb/flxeon <= 9.3.4

🔴 Vulnerability Details (2)

CVEList: Authentication and Authorization Issues (2025-01-29)
GHSA: GHSA-r2c5-m74g-gvx4: Missing Origin Validation in WebSockets vulnerability in FLXEON (2025-01-29)

💥 Exploits & PoCs (1)

Exploit-DB: ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning (2025-04-11)