CVE-2024-48840

CRITICAL

ABB ASPECT/ENT/NEXUS/MATRIX Firmware < 3.08.03 - Unauthenticated Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48840. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated command execution vulnerability in ABB Cylon Aspect's deployStart.php script. The vulnerability allows an attacker to trigger the execution of the 'rundeploy.sh' script, leading to unauthorized server initialization and potential command execution.

Description

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · hardware · php
https://www.exploit-db.com/exploits/52251

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ABB Cylon Aspect <=3.08.02
No auth needed
Prerequisites: Network access to the target system · The deployStart.php script must be accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 10.0
EPSS 0.1774
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (19)
abb/aspect-ent-12_firmware < 3.08.03
abb/aspect-ent-256_firmware < 3.08.03
abb/aspect-ent-2_firmware < 3.08.03
abb/aspect-ent-96_firmware < 3.08.03
abb/matrix-11_firmware < 3.08.03
abb/matrix-216_firmware < 3.08.03
abb/matrix-232_firmware < 3.08.03
abb/matrix-264_firmware < 3.08.03
abb/matrix-296_firmware < 3.08.03
abb/nexus-2128-a_firmware < 3.08.03
... and 9 more
Published Dec 05, 2024
Tracked Since Feb 18, 2026