VYPR

ASPECT-Enterprise

by Abb

CVEs (48)

  • CVE-2024-6298CriJul 5, 2024
    risk 0.70cvss 10.0epss 0.19

    Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

  • CVE-2024-6209CriJul 5, 2024
    risk 0.69cvss 10.0epss 0.17

    Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

  • CVE-2024-51550CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.02

    Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48840CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.02

    Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48839CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.03

    Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51551CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

  • CVE-2024-51549CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.01

    Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51545CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-11317CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51547CriFeb 6, 2025
    risk 0.64cvss 9.8epss 0.01

    Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-6784CriDec 5, 2024
    risk 0.64cvss 9.9epss 0.01

    Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51548CriDec 5, 2024
    risk 0.64cvss 9.9epss 0.01

    Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48845CriDec 5, 2024
    risk 0.64cvss 9.4epss 0.02

    Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

  • CVE-2024-6516CriDec 5, 2024
    risk 0.62cvss 9.0epss 0.01

    Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-6515CriDec 5, 2024
    risk 0.62cvss 9.6epss 0.00

    Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-4007HigJul 1, 2024
    risk 0.60cvss 8.8epss 0.02

    Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

  • CVE-2024-51554CriDec 5, 2024
    risk 0.59cvss 9.1epss 0.00

    Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-13955HigMay 22, 2025
    risk 0.57cvss 8.8epss 0.00

    2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13952HigMay 22, 2025
    risk 0.55cvss 8.4epss 0.00

    Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-51544HigDec 5, 2024
    risk 0.54cvss 8.2epss 0.14

    Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Page 1 of 3