CVE-2024-4007

HIGH

ABB ASPECT; NEXUS Series; MATRIX Series <3.07 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-4007. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit details the presence of hard-coded default credentials in ABB Cylon Aspect versions up to 3.07.01. The credentials ('root' and 'F@c1liTy') are exposed in the configuration file, allowing unauthorized access to the system.

Description

A default credential in the install package of ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows an attacker to log in to wrongly configured product instances.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · webapps · php
https://www.exploit-db.com/exploits/52112

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ABB Cylon Aspect <=3.07.01
No auth needed
Prerequisites: Network access to the target system · Exposed configuration file or default credentials
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0151
EPSS Percentile: 71.0%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-1392
Status: published
Products (13)
abb/aspect-ent-12_firmware < 3.07.02
abb/aspect-ent-256_firmware < 3.07.02
abb/aspect-ent-2_firmware < 3.07.02
abb/aspect-ent-96_firmware < 3.07.02
abb/matrix-11_firmware < 3.07.02
abb/matrix-216_firmware < 3.07.02
abb/matrix-232_firmware < 3.07.02
abb/matrix-264_firmware < 3.07.02
abb/matrix-296_firmware < 3.07.02
abb/nexus-2128_firmware < 3.07.02
... and 3 more
Published: Jul 01, 2024
Tracked Since: Feb 18, 2026