CVE-2024-6209

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <=3.08.01 ; MATRIX Series v<=3.08.01 allows Attacker to access files unauthorized

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-05 11:15

Updated : 2024-07-08 15:35

NVD link : CVE-2024-6209

Mitre link : CVE-2024-6209

CVE.ORG link : CVE-2024-6209

JSON object : View

Products Affected

abb

nexus-264-a_firmware
nexus-2128-g_firmware
nexus-3-2128_firmware
aspect-ent-96_firmware
matrix-11
nexus-2128-f_firmware
nexus-3-264_firmware
nexus-2128
nexus-264-g_firmware
nexus-264-f
matrix-11_firmware
aspect-ent-256
nexus-264-g
aspect-ent-12_firmware
nexus-3-2128
matrix-264_firmware
nexus-2128-g
matrix-216
aspect-ent-256_firmware
aspect-ent-2
matrix-216_firmware
matrix-296_firmware
nexus-2128_firmware
aspect-ent-96
nexus-2128-a_firmware
aspect-ent-2_firmware
matrix-264
nexus-264-f_firmware
matrix-296
matrix-232
matrix-232_firmware
nexus-2128-a
nexus-2128-f
nexus-264
nexus-264-a
nexus-3-264
nexus-264_firmware
aspect-ent-12

CWE

CWE-552

Files or Directories Accessible to External Parties

7.5 /10