CVE-2024-48852

Critical

Published: 29 January 2025

Published

29 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

EPSS Score 0.0270 86.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4.

Security Summary

CVE-2024-48852 is an Insertion of Sensitive Information into Log File vulnerability (CWE-532) observed in FLEXON, affecting versions through <= 9.3.4. The flaw enables some information to be improperly disclosed through HTTPS access, as detailed in the CVE description published on 2025-01-29.

The vulnerability carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H), indicating it can be exploited over the network by unauthenticated attackers requiring low complexity and no user interaction. Successful exploitation results in low impact to confidentiality, but high impact to integrity and availability.

Mitigation guidance is provided in the ABB advisory document accessible at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch.

Details

CWE(s): CWE-532

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch
cybersecurity@ch.abb.com