ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

No data.

No data.

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-48895 ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.
Fixes

Solution

No solution given by the vendor.

Workaround

Please follow the guidelines in the following Product Advisory Note to improve the system security: Guidelines to Prevent Unauthorized Modifications of Firmware and Configuration, ABB Digital Substation Products ( https://search.abb.com/library/Download.aspx?DocumentID=2NGA002288&LanguageCode=en&DocumentP... https://search.abb.com/library/Download.aspx )

References
Link Providers
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch cve-icon cve-icon
History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0002}

 epss

{'score': 0.00021}

Wed, 30 Oct 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:I/V:D/RE:H/U:Amber'}

Fri, 25 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 25 Oct 2024 17:00:00 +0000

Type Values Removed Values Added
Description ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.
Title Unauthorized Modifications of Firmware and Configuration
Weaknesses CWE-347
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2024-10-30T17:20:11.747Z

Reserved: 2024-08-20T23:19:07.498Z

Link: CVE-2024-8036

cve-icon Vulnrichment

Updated: 2024-10-25T18:01:11.669Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-25T17:15:04.963

Modified: 2024-10-30T18:15:07.960

Link: CVE-2024-8036

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.