ABB Nexus-2128 Firmware vulnerabilities

29 known vulnerabilities affecting abb/nexus-2128_firmware.

Total CVEs: 29
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 15

Vulnerabilities

Page 1 of 2
CVE-2024-51547 | CRITICAL | CVSS 9.3 | ≤ 3.08.03 | 2025-02-06
CVE-2024-51547 [CRITICAL] CWE-798: Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
nvd
CVE-2024-6516 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-6516 [CRITICAL] CWE-79: Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51550 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-51550 [CRITICAL] CWE-1287: Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51551 | CRITICAL | CVSS 9.3 | ≤ 3.07.02 | 2024-12-05
CVE-2024-51551 [CRITICAL] CWE-1287: Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
nvd
CVE-2024-51549 | CRITICAL | CVSS 9.3 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51549 [CRITICAL] CWE-36: Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48845 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-48845 [CRITICAL] CWE-521: Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
nvd
CVE-2024-48840 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-48840 [CRITICAL] CWE-94: Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48839 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-48839 [CRITICAL] CWE-94: Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51545 | CRITICAL | CVSS 9.3 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51545 [CRITICAL] CWE-522: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-11317 | CRITICAL | CVSS 9.3 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-11317 [CRITICAL] CWE-384: Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-11316 | HIGH | CVSS 8.7 | fixed in 3.08.03 | 2024-12-05
CVE-2024-11316 [HIGH] CWE-770: Filesize Check vulnerabilities allow a malicious user to bypass size limits or overload the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48843 | HIGH | CVSS 7.6 | fixed in 3.08.03 | 2024-12-05
CVE-2024-48843 [HIGH] CWE-770: Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51546 | HIGH | CVSS 8.7 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-51546 [HIGH] CWE-1287: Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51541 | HIGH | CVSS 8.8 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51541 [HIGH] CWE-98: Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51544 | HIGH | CVSS 8.8 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51544 [HIGH] CWE-15: Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48844 | HIGH | CVSS 7.2 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-48844 [HIGH] CWE-770: Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51543 | HIGH | CVSS 8.8 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51543 [HIGH] CWE-15: Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48846 | HIGH | CVSS 7.1 | PoC | fixed in 3.08.03 | 2024-12-05
CVE-2024-48846 [HIGH] CWE-352: Cross Site Request Forgery vulnerabilities were found providing a potential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-51542 | HIGH | CVSS 8.8 | fixed in 3.08.03 | 2024-12-05
CVE-2024-51542 [HIGH] CWE-552: Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
nvd
CVE-2024-48847 | HIGH | CVSS 8.8 | fixed in 3.08.03 | 2024-12-05
CVE-2024-48847 [HIGH] CWE-328: MD5 Checksum Bypass vulnerabilities were found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01
nvd