Abb Aspect-Enterprise vulnerabilities

CVE-2024-13945 [HIGH] CWE-36 CVE-2024-13945: Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrat Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-13955 [CRITICAL] CWE-89 CVE-2024-13955: 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of databa 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-48853 [CRITICAL] CWE-286 CVE-2024-48853: An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2025-30172 [HIGH] CWE-94 CVE-2025-30172: Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials bec Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-13929 [HIGH] CWE-94 CVE-2024-13929: Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator cre Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-13956 [HIGH] CWE-295 CVE-2024-13956: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromi SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-13957 [HIGH] CWE-918 CVE-2024-13957: SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-48848 [HIGH] CWE-774 CVE-2024-48848: Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a s Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-13946 [HIGH] CWE-427 CVE-2024-13946: DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the applicatio DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-13952 [HIGH] CWE-94 CVE-2024-13952: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attac Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-13931 [HIGH] CWE-606 CVE-2024-13931: Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administ Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-51552 [HIGH] CWE-257 CVE-2024-51552: Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromise Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-51553 [HIGH] CWE-73 CVE-2024-51553: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attac Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2024-9639 [HIGH] CWE-94 CVE-2024-9639: Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials be Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2025-2409 [HIGH] CWE-73 CVE-2025-2409: File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if ses File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-13928 [HIGH] CWE-94 CVE-2024-13928: SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database reposit SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-13947 [HIGH] CWE-863 CVE-2024-13947: Device commissioning parameters in ASPECT may be modified by an external source if administrative cr Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVE-2025-30171 [HIGH] CWE-863 CVE-2025-30171: System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if se System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2025-2410 [HIGH] CWE-99 CVE-2025-2410: Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP po Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVE-2024-48850 [HIGH] CWE-36 CVE-2024-48850: Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resou Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.