CVE-2024-6784

CRITICAL

ABB ASPECT Enterprise NEXUS and MATRIX Series < 3.08.03 - Server-Side Request Forgery

Title source: llm
STIX 2.1

Description

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

References (1)

Core 1

Scores

CVSS v3 9.9
EPSS 0.0036
EPSS Percentile 58.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-918
Status published
Products (19)
abb/aspect-ent-12_firmware < 3.08.03
abb/aspect-ent-256_firmware < 3.08.03
abb/aspect-ent-2_firmware < 3.08.03
abb/aspect-ent-96_firmware < 3.08.03
abb/matrix-11_firmware < 3.08.03
abb/matrix-216_firmware < 3.08.03
abb/matrix-232_firmware < 3.08.03
abb/matrix-264_firmware < 3.08.03
abb/matrix-296_firmware < 3.08.03
abb/nexus-2128-a_firmware < 3.08.03
... and 9 more
Published Dec 05, 2024
Tracked Since Feb 18, 2026