Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-51550

CWE-12874 documents4 sources

Severity

9.3CRITICAL

EPSS

2.3%

top 15.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

ABB Aspect-ent-12 Firmware ABB Aspect-ent-256 Firmware ABB Aspect-ent-2 Firmware +19 more

Timeline

PublishedDec 5

Latest updateApr 15

Description

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

Affected Packages22 packages

▶CVEListV5abb/nexus_series3.08.02

▶CVEListV5abb/matrix_series3.08.02

▶CVEListV5abb/aspect-enterprise3.08.02

▶NVDabb/aspect-ent-2_firmware< 3.08.03

▶NVDabb/aspect-ent-12_firmware< 3.08.03

🔴Vulnerability Details

GHSA

GHSA-78pr-m5p7-52qj: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device↗2024-12-05

▶

CVEList

Data Validation / Sanitization↗2024-12-05

▶

💥Exploits & PoCs

Exploit-DB

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution↗2025-04-15

▶