Cyber Posture

CVE-2024-48841

Critical

Published: 27 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0416 (88.7th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Description

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

Security Summary

CVE-2024-48841 is a critical vulnerability (CVSS 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) classified under CWE-77, affecting FLXEON versions 9.3.4 and older. The issue allows an attacker with network access to execute arbitrary code with elevated privileges.

Per the CVSS vector, an unauthenticated remote attacker needs only network access to exploit this vulnerability, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, and the changed scope (S:C) means the impact can extend beyond the vulnerable component itself. The outcome is arbitrary code execution with elevated privileges.

Mitigation guidance is detailed in the ABB security advisory available at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch.

Details

CWE(s)
CWE-77

References