ABB Nexus Series vulnerabilities

58 known vulnerabilities affecting abb/nexus_series.

Total CVEs: 58
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 32, MEDIUM 11

Vulnerabilities

Page 2 of 3
CVE-2025-30173 | MEDIUM | CVSS 6.0 | ≤ 3.08.03 | 2025-05-22
CWE-434: File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Sources: cvelistv5, nvd
CVE-2024-13953 | MEDIUM | CVSS 6.9 | ≤ 3.* | 2025-05-22
CWE-359: Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-13951 | MEDIUM | CVSS 6.1 | ≤ 3.* | 2025-05-22
CWE-760: One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2025-30169 | MEDIUM | CVSS 6.0 | ≤ 3.08.03 | 2025-05-22
CWE-434: File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Sources: cvelistv5, nvd
CVE-2024-13949 | MEDIUM | CVSS 6.9 | ≤ 3.* | 2025-05-22
CWE-117: Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-13930 | MEDIUM | CVSS 5.9 | ≤ 3.08.03 | 2025-05-22
CWE-606: An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Sources: cvelistv5, nvd
CVE-2024-13950 | MEDIUM | CVSS 6.9 | ≤ 3.* | 2025-05-22
CWE-79: Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-13954 | MEDIUM | CVSS 5.1 | ≤ 3.* | 2025-05-22
CWE-922: Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-13958 | MEDIUM | CVSS 4.6 | ≤ 3.* | 2025-05-22
CWE-79: Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2025-30170 | MEDIUM | CVSS 5.9 | ≤ 3.08.03 | 2025-05-22
CWE-497: Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Sources: cvelistv5, nvd
CVE-2024-13948 | MEDIUM | CVSS 6.9 | ≤ 3.* | 2025-05-22
CWE-276: Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-51547 | CRITICAL | CVSS 9.3 | ≤ 3.* | 2025-02-06
CWE-798: Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Sources: cvelistv5, nvd
CVE-2024-6516 | CRITICAL | CVSS 9.3 | PoC | ≤ 3.08.01 | 2024-12-05
CWE-79: Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd
CVE-2024-51551 | CRITICAL | CVSS 9.3 | ≤ 3.07.02 | 2024-12-05
CWE-1287: Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
Sources: cvelistv5, nvd
CVE-2024-51555 | CRITICAL | CVSS 9.3 | ≤ 3.07.02 | 2024-12-05
CWE-1393: Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
Sources: cvelistv5, nvd
CVE-2024-51550 | CRITICAL | CVSS 9.3 | PoC | ≤ 3.08.02 | 2024-12-05
CWE-1287: Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd
CVE-2024-51545 | CRITICAL | CVSS 9.3 | ≤ 3.08.02 | 2024-12-05
CWE-522: Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd
CVE-2024-51549 | CRITICAL | CVSS 9.3 | ≤ 3.08.02 | 2024-12-05
CWE-36: Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd
CVE-2024-48839 | CRITICAL | CVSS 9.3 | PoC | ≤ 3.08.02 | 2024-12-05
CWE-94: Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd
CVE-2024-11317 | CRITICAL | CVSS 9.3 | PoC | ≤ 3.08.02 | 2024-12-05
CWE-384: Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Sources: cvelistv5, nvd