Abb: >> Nexus-2128-F Firmware Security Vulnerabilities
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-06
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.6
EPSS Score
0.0
Published
2024-12-05
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.0
EPSS Score
0.007
Published
2024-12-05
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.9
EPSS Score
0.001
Published
2024-12-05
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
7.5
EPSS Score
0.015
Published
2024-12-05
Dangerous File Upload vulnerabilities allow upload of malicious scripts.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.9
EPSS Score
0.001
Published
2024-12-05
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
10.0
EPSS Score
0.001
Published
2024-12-05
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
10.0
EPSS Score
0.014
Published
2024-12-05
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
CVSS Score
10.0
EPSS Score
0.002
Published
2024-12-05
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.1
EPSS Score
0.001
Published
2024-12-05
Page 1