CVE-2024-48845

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS v3 9.4 CRITICAL

9.4^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-05 13:15

Updated : 2025-02-27 17:13

NVD link : CVE-2024-48845

Mitre link : CVE-2024-48845

CVE.ORG link : CVE-2024-48845

JSON object : View

Products Affected

abb

aspect-ent-96
matrix-296
matrix-216_firmware
matrix-296_firmware
nexus-264-g
aspect-ent-12_firmware
nexus-3-264
nexus-2128-a
matrix-232_firmware
nexus-264_firmware
nexus-264-a_firmware
nexus-264-f
nexus-3-264_firmware
nexus-2128-a_firmware
nexus-2128-g
aspect-ent-2
nexus-3-2128_firmware
nexus-264-a
matrix-11_firmware
nexus-3-2128
nexus-264-g_firmware
nexus-264-f_firmware
aspect-ent-12
nexus-2128-f_firmware
nexus-2128
nexus-2128_firmware
nexus-2128-g_firmware
matrix-11
matrix-216
aspect-ent-256
aspect-ent-96_firmware
matrix-264
aspect-ent-256_firmware
nexus-264
matrix-264_firmware
nexus-2128-f
matrix-232
aspect-ent-2_firmware

CWE

CWE-521

Weak Password Requirements

9.4 /10