{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51547", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-10-29T11:48:54.543Z", "datePublished": "2025-02-06T04:12:30.615Z", "dateUpdated": "2025-02-06T14:33:40.241Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "ASPECT-Enterprise", "vendor": "ABB", "versions": [{"lessThanOrEqual": "3.08.03", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "NEXUS Series", "vendor": "ABB", "versions": [{"lessThanOrEqual": "3.08.03", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "MATRIX Series", "vendor": "ABB", "versions": [{"lessThanOrEqual": "3.08.03", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "ABB acknowledges Gjoko Krstikj, Zero Science Lab, for reporting the potential vulnerabilities in responsible disclosure"}], "datePublic": "2025-02-05T19:53:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.<p>This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.</p>"}], "value": "Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-02-06T04:12:30.615Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Hard-coded Credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular \nnetwork segment where ASPECT is installed and configured. <br>\nNote: it is crucial that the VPN Gateway and Network is set up in accordance with the best industry standards and maintained in terms of security patches for all related components.<br><br>\n\nThe vulnerabilities reported in scope of this document are only exploitable if attackers can access the \nnetwork segment where ASPECT is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customer network:\n<br><br>\u2022 ASPECT devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. Users accessing ASPECT remotely shall do this \nusing a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured\n\u2022<br><br>\u2022 Authorized users shall change all default credentials during commissioning of an ASPECT system. If credentials have not been changed during commission state, ABB advises to change each \nchangeable credential at the earliest\n\n<br>"}], "value": "Users accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular \nnetwork segment where ASPECT is installed and configured. \n\nNote: it is crucial that the VPN Gateway and Network is set up in accordance with the best industry standards and maintained in terms of security patches for all related components.\n\n\n\nThe vulnerabilities reported in scope of this document are only exploitable if attackers can access the \nnetwork segment where ASPECT is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customer network:\n\n\n\u2022 ASPECT devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. Users accessing ASPECT remotely shall do this \nusing a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured\n\u2022\n\n\u2022 Authorized users shall change all default credentials during commissioning of an ASPECT system. If credentials have not been changed during commission state, ABB advises to change each \nchangeable credential at the earliest"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-06T14:33:29.796406Z", "id": "CVE-2024-51547", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T14:33:40.241Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51547", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-06T14:33:29.796406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T14:33:35.333Z"}}], "cna": {"title": "Hard-coded Credentials", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ABB acknowledges Gjoko Krstikj, Zero Science Lab, for reporting the potential vulnerabilities in responsible disclosure"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "ASPECT-Enterprise", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.08.03"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "NEXUS Series", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.08.03"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "MATRIX Series", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.08.03"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "datePublic": "2025-02-05T19:53:00.000Z", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch"}], "workarounds": [{"lang": "en", "value": "Users accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular \nnetwork segment where ASPECT is installed and configured. \n\nNote: it is crucial that the VPN Gateway and Network is set up in accordance with the best industry standards and maintained in terms of security patches for all related components.\n\n\n\nThe vulnerabilities reported in scope of this document are only exploitable if attackers can access the \nnetwork segment where ASPECT is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customer network:\n\n\n\u2022 ASPECT devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. Users accessing ASPECT remotely shall do this \nusing a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured\n\u2022\n\n\u2022 Authorized users shall change all default credentials during commissioning of an ASPECT system. If credentials have not been changed during commission state, ABB advises to change each \nchangeable credential at the earliest", "supportingMedia": [{"type": "text/html", "value": "Users accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular \nnetwork segment where ASPECT is installed and configured. <br>\nNote: it is crucial that the VPN Gateway and Network is set up in accordance with the best industry standards and maintained in terms of security patches for all related components.<br><br>\n\nThe vulnerabilities reported in scope of this document are only exploitable if attackers can access the \nnetwork segment where ASPECT is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customer network:\n<br><br>\u2022 ASPECT devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. Users accessing ASPECT remotely shall do this \nusing a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured\n\u2022<br><br>\u2022 Authorized users shall change all default credentials during commissioning of an ASPECT system. If credentials have not been changed during commission state, ABB advises to change each \nchangeable credential at the earliest\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.", "supportingMedia": [{"type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.<p>This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-02-06T04:12:30.615Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51547", "state": "PUBLISHED", "dateUpdated": "2025-02-06T14:33:40.241Z", "dateReserved": "2024-10-29T11:48:54.543Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2025-02-06T04:12:30.615Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8D02E15-EE9A-4331-B66C-07C76E55503F", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C6351DE-8170-4023-B815-536030F9236E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "38215640-01D6-40FA-8F2F-341305CAD004", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*", "matchCriteriaId": "125AAF0E-3CB2-4F5A-BA04-742918422422", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3CF8AE-2A66-4C0A-8C54-913B5234F8BC", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CC1901E-7476-4070-B649-E2EAE52A38A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "811C32C4-7997-4E31-8E3F-25F8E96430CE", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*", "matchCriteriaId": "697D73AC-8567-4D25-B42F-FB584DAFF05F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "83F556CD-8646-47E7-AEEC-B006256DC285", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1C4B551-EC7D-4D96-9B44-5238B2671F38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A302140-61F6-46FC-90CF-F6816173C21D", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1B0FAC-EE50-41E7-8C6A-63E28649A539", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F3FC98E-80C4-4A09-9883-FBFDA22FFD57", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*", "matchCriteriaId": "86993CA6-E80C-464D-A208-EB119F41E106", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22588A98-51BE-43D4-AC41-CFD1837174F9", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*", "matchCriteriaId": "979B2BF4-885C-46B4-9093-E7CC35EBB397", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F6EEF70-8465-4676-AD13-D4D9061FC41B", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3961881-0563-443D-8381-428058A008DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACEA5F41-FF9F-4C79-9D4B-8667AA383654", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "43EB9B15-B1DF-49DC-B69C-00D0342E0592", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "827C9652-BA28-4438-B9B5-115635738FC6", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E7E5C1B-CFA0-4584-89F5-BE9190DC7DB7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43308286-66DB-42CB-A940-F2FD1DE44306", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*", "matchCriteriaId": "66A14E33-5416-45D9-BBE4-61EFEC246E20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61F799C4-A7E1-4EFA-9A42-AB4333318C02", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D3FE8A0-B7B1-496F-918B-83AECEC80486", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "171FB720-A9DF-441B-B4A6-BE5292C872A4", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*", "matchCriteriaId": "96BF51C6-E220-4347-9505-48DAE2BB26B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA4D17EF-B003-4256-AEA0-AD4C7590F4A8", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CC44F95-4AE8-48B3-AC2C-6A4EB20F62DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "46B43D90-152F-4F9C-89EB-8D18B35F2608", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*", "matchCriteriaId": "653A6815-9BC7-4BD4-BB67-DBCC666ED860", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F8BC3-B592-4BFF-85BE-5A526000FC09", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*", "matchCriteriaId": "40C07D72-CA89-40A1-8EE8-F48A06DB7992", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2334693-AF50-4FC0-A330-7C5175A0CC87", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E8A1A8-8476-4C36-A6F6-258C2DC60388", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "537FED1F-EB0C-47F4-BF63-EDB760A852B7", "versionEndIncluding": "3.08.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*", "matchCriteriaId": "699E0759-590A-4362-9B5B-F876C1A020D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03."}, {"lang": "es", "value": "Uso de la vulnerabilidad de credenciales con codificaci\u00f3n dura en ABB Aspect-Enterprise, ABB Nexus Series, ABB Matrix Series. Este problema afecta la empresa de aspecto: hasta 3.08.03; Serie Nexus: hasta 3.08.03; Serie Matrix: hasta 3.08.03."}], "id": "CVE-2024-51547", "lastModified": "2025-04-10T20:19:50.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2025-02-06T05:15:12.850", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}