7.7
CVE-2024-48843
- EPSS 0.23%
- Veröffentlicht 05.12.2024 13:15:06
- Zuletzt bearbeitet 27.02.2025 15:45:57
- Quelle cybersecurity@ch.abb.com
- Teams Watchlist Login
- Unerledigt Login
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Abb ≫ Aspect-ent-2 Firmware Version < 3.08.03
Abb ≫ Aspect-ent-256 Firmware Version < 3.08.03
Abb ≫ Aspect-ent-96 Firmware Version < 3.08.03
Abb ≫ Nexus-2128 Firmware Version < 3.08.03
Abb ≫ Nexus-2128-a Firmware Version < 3.08.03
Abb ≫ Nexus-2128-f Firmware Version < 3.08.03
Abb ≫ Nexus-2128-g Firmware Version < 3.08.03
Abb ≫ Nexus-264 Firmware Version < 3.08.03
Abb ≫ Nexus-264-a Firmware Version < 3.08.03
Abb ≫ Nexus-264-g Firmware Version < 3.08.03
Abb ≫ Nexus-3-2128 Firmware Version < 3.08.03
Abb ≫ Aspect-ent-12 Firmware Version < 3.08.03
Abb ≫ Nexus-264-f Firmware Version < 3.08.03
Abb ≫ Nexus-3-264 Firmware Version < 3.08.03
Abb ≫ Matrix-11 Firmware Version < 3.08.03
Abb ≫ Matrix-216 Firmware Version < 3.08.03
Abb ≫ Matrix-232 Firmware Version < 3.08.03
Abb ≫ Matrix-264 Firmware Version < 3.08.03
Abb ≫ Matrix-296 Firmware Version < 3.08.03
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.461 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cybersecurity@ch.abb.com | 7.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:Red
|
| cybersecurity@ch.abb.com | 7.7 | 1.8 | 5.3 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.