CVE-2024-4007

HIGH

ABB ASPECT; NEXUS Series; MATRIX Series <3.07 - Info Disclosure

Title source: llm

Description

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · webappsphp

https://www.exploit-db.com/exploits/52112

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 8.8

EPSS 0.0953

EPSS Percentile 92.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1392

Status published

Products (13)

abb/aspect-ent-12_firmware < 3.07.02

abb/aspect-ent-256_firmware < 3.07.02

abb/aspect-ent-2_firmware < 3.07.02

abb/aspect-ent-96_firmware < 3.07.02

abb/matrix-11_firmware < 3.07.02

abb/matrix-216_firmware < 3.07.02

abb/matrix-232_firmware < 3.07.02

abb/matrix-264_firmware < 3.07.02

abb/matrix-296_firmware < 3.07.02

abb/nexus-2128_firmware < 3.07.02

... and 3 more

Published Jul 01, 2024

Tracked Since Feb 18, 2026