Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-6298

CWE-1287 CWE-20 — Improper Input Validation5 documents5 sources

Severity

9.4CRITICAL

EPSS

35.0%

top 2.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series +19 more

Timeline

PublishedJul 5

Latest updateApr 2

Description

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages22 packages

▶CVEListV5abb/nexus_series3.08.01

▶CVEListV5abb/matrix_series3.08.01

▶CVEListV5abb/aspect-enterprise3.08.01

▶NVDabb/matrix-11_firmware3.08.01

▶NVDabb/nexus-264_firmware3.08.01

🔴Vulnerability Details

CVEList

remote code execution↗2024-07-05

▶

GHSA

GHSA-w76v-3936-3wp3: Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code In↗2024-07-05

▶

VulnCheck

abb aspect-ent-12_firmware Improper Validation of Specified Type of Input↗2024

▶

💥Exploits & PoCs

Exploit-DB

ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)↗2025-04-02

▶