CVE-2024-51546 - Vulnerability Details

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Abb	Aspect Enterprise Matrix Series Nexus Series

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

History

Thu, 05 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Abb Abb aspect Enterprise Abb matrix Series Abb nexus Series
CPEs		cpe:2.3:a:abb:aspect_enterprise:::::::: cpe:2.3:a:abb:matrix_series:::::::: cpe:2.3:a:abb:nexus_series::::::::
Vendors & Products		Abb Abb aspect Enterprise Abb matrix Series Abb nexus Series
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 05 Dec 2024 13:00:00 +0000

Type	Values Removed	Values Added
Description		Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Title		Credentails Disclosure
Weaknesses		CWE-1287
References		https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-12-05T12:51:39.054Z

Updated: 2024-12-05T14:43:58.312Z

Reserved: 2024-10-29T11:48:54.543Z

Link: CVE-2024-51546

Vulnrichment

Updated: 2024-12-05T14:43:49.604Z

NVD

Status : Received

Published: 2024-12-05T13:15:08.077

Modified: 2024-12-05T13:15:08.077

Link: CVE-2024-51546

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object