CVE-2024-48839

CRITICAL

ABB ASPECT/Enterprise/NEXUS/MATRIX Firmware < 3.08.03 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-48839. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authenticated OS command injection vulnerability in ABB Cylon Aspect BMS/BAS controller. The vulnerability allows arbitrary shell commands to be executed through the contents of an uploaded .db file, which is passed to the copyFile.sh script.

Description

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Exploits (2)

exploitdb WORKING POC

by LiquidWorm · texthardwaremultiple

https://www.exploit-db.com/exploits/52216

View Code ZIP pw:eip

This exploit demonstrates an authenticated OS command injection vulnerability in ABB Cylon Aspect BMS/BAS controller. The vulnerability allows arbitrary shell commands to be executed through the contents of an uploaded .db file, which is passed to the copyFile.sh script.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect <=3.08.02

Auth required

Prerequisites: Authenticated session (PHPSESSID cookie) · Network access to the target

MITRE ATT&CK

T1202 - Indirect Command Execution T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

pocmultiple

https://www.exploit-db.com/exploits/52217

View Code ZIP pw:eip

The exploit demonstrates an authenticated blind command injection vulnerability in ABB Cylon Aspect's bbmdUpdate.php. It injects a sleep command via the hexMask2 and NAThexMask2 POST parameters to prove arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect <=3.08.02

Auth required

Prerequisites: Valid PHPSESSID cookie for authentication · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 10.0

EPSS 0.1248

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (19)

abb/aspect-ent-12_firmware < 3.08.03

abb/aspect-ent-256_firmware < 3.08.03

abb/aspect-ent-2_firmware < 3.08.03

abb/aspect-ent-96_firmware < 3.08.03

abb/matrix-11_firmware < 3.08.03

abb/matrix-216_firmware < 3.08.03

abb/matrix-232_firmware < 3.08.03

abb/matrix-264_firmware < 3.08.03

abb/matrix-296_firmware < 3.08.03

abb/nexus-2128-a_firmware < 3.08.03

... and 9 more

Published Dec 05, 2024

Tracked Since Feb 18, 2026