VYPR

NEXUS Series

by Abb

CVEs (49)

  • CVE-2024-6298CriJul 5, 2024
    risk 0.70cvss 10.0epss 0.19

    Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

  • CVE-2024-6209CriJul 5, 2024
    risk 0.69cvss 10.0epss 0.17

    Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

  • CVE-2024-51550CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.02

    Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48840CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.02

    Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48839CriDec 5, 2024
    risk 0.68cvss 10.0epss 0.03

    Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51555CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; …

  • CVE-2024-51551CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

  • CVE-2024-51549CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.01

    Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51545CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-11317CriDec 5, 2024
    risk 0.65cvss 10.0epss 0.00

    Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51547CriFeb 6, 2025
    risk 0.64cvss 9.8epss 0.01

    Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-6784CriDec 5, 2024
    risk 0.64cvss 9.9epss 0.01

    Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-51548CriDec 5, 2024
    risk 0.64cvss 9.9epss 0.01

    Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-48845CriDec 5, 2024
    risk 0.64cvss 9.4epss 0.02

    Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

  • CVE-2024-6516CriDec 5, 2024
    risk 0.62cvss 9.0epss 0.01

    Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-6515CriDec 5, 2024
    risk 0.62cvss 9.6epss 0.00

    Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-4007HigJul 1, 2024
    risk 0.60cvss 8.8epss 0.02

    Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

  • CVE-2024-51554CriDec 5, 2024
    risk 0.59cvss 9.1epss 0.00

    Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

  • CVE-2024-13955HigMay 22, 2025
    risk 0.57cvss 8.8epss 0.00

    2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13952HigMay 22, 2025
    risk 0.55cvss 8.4epss 0.00

    Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Page 1 of 3