CVE-2024-6209

CRITICAL

ABB ASPECT - Enterprise <3.08.01 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6209. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file deletion vulnerability in ABB Cylon Aspect via unsanitized input in the 'file' parameter of 'databasefiledelete.php'. It uses directory traversal to delete files with web server permissions.

Description

Unauthorized file access in the web server in ABB ASPECT - Enterprise v3.08.01, NEXUS Series v3.08.01, and MATRIX Series v3.08.01 allows an attacker to access files without authorization.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · webapps · php
https://www.exploit-db.com/exploits/52108


Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: ABB Cylon Aspect <=3.08.01
No auth needed
Prerequisites: Network access to the target · Vulnerable endpoint exposed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 10.0
EPSS 0.1716
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-552
Status published
Products (19)
abb/aspect-ent-12_firmware < 3.08.01
abb/aspect-ent-256_firmware < 3.08.01
abb/aspect-ent-2_firmware < 3.08.01
abb/aspect-ent-96_firmware < 3.08.01
abb/matrix-11_firmware < 3.08.01
abb/matrix-216_firmware < 3.08.01
abb/matrix-232_firmware < 3.08.01
abb/matrix-264_firmware < 3.08.01
abb/matrix-296_firmware < 3.08.01
abb/nexus-2128-a_firmware < 3.08.01
... and 9 more
Published Jul 05, 2024
Tracked Since Feb 18, 2026