NEXUS Series
by Abb
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6298 | Cri | 0.70 | 10.0 | 0.19 | Jul 5, 2024 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely | ||
| CVE-2024-6209 | Cri | 0.69 | 10.0 | 0.17 | Jul 5, 2024 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized | ||
| CVE-2024-51550 | Cri | 0.68 | 10.0 | 0.02 | Dec 5, 2024 | Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-48840 | Cri | 0.68 | 10.0 | 0.02 | Dec 5, 2024 | Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-48839 | Cri | 0.68 | 10.0 | 0.03 | Dec 5, 2024 | Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-51555 | Cri | 0.65 | 10.0 | 0.00 | Dec 5, 2024 | Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; … | ||
| CVE-2024-51551 | Cri | 0.65 | 10.0 | 0.00 | Dec 5, 2024 | Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | ||
| CVE-2024-51549 | Cri | 0.65 | 10.0 | 0.01 | Dec 5, 2024 | Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-51545 | Cri | 0.65 | 10.0 | 0.00 | Dec 5, 2024 | Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-11317 | Cri | 0.65 | 10.0 | 0.00 | Dec 5, 2024 | Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-51547 | Cri | 0.64 | 9.8 | 0.01 | Feb 6, 2025 | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-6784 | Cri | 0.64 | 9.9 | 0.01 | Dec 5, 2024 | Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-51548 | Cri | 0.64 | 9.9 | 0.01 | Dec 5, 2024 | Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-48845 | Cri | 0.64 | 9.4 | 0.02 | Dec 5, 2024 | Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | ||
| CVE-2024-6516 | Cri | 0.62 | 9.0 | 0.01 | Dec 5, 2024 | Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-6515 | Cri | 0.62 | 9.6 | 0.00 | Dec 5, 2024 | Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-4007 | Hig | 0.60 | 8.8 | 0.02 | Jul 1, 2024 | Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. | ||
| CVE-2024-51554 | Cri | 0.59 | 9.1 | 0.00 | Dec 5, 2024 | Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||
| CVE-2024-13955 | Hig | 0.57 | 8.8 | 0.00 | May 22, 2025 | 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-13952 | Hig | 0.55 | 8.4 | 0.00 | May 22, 2025 | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
- risk 0.70cvss 10.0epss 0.19
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely
- risk 0.69cvss 10.0epss 0.17
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized
- risk 0.68cvss 10.0epss 0.02
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.68cvss 10.0epss 0.02
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.68cvss 10.0epss 0.03
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.65cvss 10.0epss 0.00
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; …
- risk 0.65cvss 10.0epss 0.00
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
- risk 0.65cvss 10.0epss 0.01
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.65cvss 10.0epss 0.00
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.65cvss 10.0epss 0.00
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.64cvss 9.8epss 0.01
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.64cvss 9.9epss 0.01
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.64cvss 9.9epss 0.01
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.64cvss 9.4epss 0.02
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
- risk 0.62cvss 9.0epss 0.01
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.62cvss 9.6epss 0.00
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.60cvss 8.8epss 0.02
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
- risk 0.59cvss 9.1epss 0.00
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- risk 0.57cvss 8.8epss 0.00
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.55cvss 8.4epss 0.00
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Page 1 of 3