CVE-2024-51547
Published: 06 February 2025
Description
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Security Summary
CVE-2024-51547 is a Use of Hard-coded Credentials vulnerability (CWE-798) affecting ABB ASPECT-Enterprise through version 3.*, ABB NEXUS Series through version 3.*, and ABB MATRIX Series through version 3.*. Published on 2025-02-06, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.
The vulnerability enables exploitation by unauthenticated remote attackers over the network with low complexity and no user interaction required. Successful exploitation allows attackers to leverage the hard-coded credentials for unauthorized access, potentially leading to full compromise of affected systems, including data exfiltration, modification, or disruption of services.
ABB has published a public advisory detailing the issue, available at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch. Security practitioners should consult this advisory for specific mitigation guidance and patch information.
Details
- CWE(s)