Abb Nexus-2128-g Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Abb Nexus-2128-g Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2024-51551 — CVSS 10.0 (critical): Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected…
CVE-2024-51550 — CVSS 10.0 (critical): Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device…
CVE-2024-6298 — CVSS 10.0 (critical): Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker…
CVE-2024-6209 — CVSS 10.0 (critical): Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker…
CVE-2024-11317 — CVSS 10.0 (critical): Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session…
CVE-2024-6784 — CVSS 9.9 (critical): Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended…
CVE-2024-51547 — CVSS 9.8 (critical): Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects…
CVE-2024-6515 — CVSS 9.6 (critical): Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of…
CVE-2024-48845 — CVSS 9.4 (critical): Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate…
CVE-2024-51554 — CVSS 9.1 (critical): Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected…
CVE-2024-6516 — CVSS 9.0 (critical): Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected…
CVE-2024-51544 — CVSS 8.2 (high): Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT -…
CVE-2024-48847 — CVSS 8.2 (high): MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5…
CVE-2024-51541 — CVSS 8.2 (high): Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02…
CVE-2024-51543 — CVSS 8.2 (high): Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise…
CVE-2023-0635 — CVSS 7.8 (high): Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021…
CVE-2024-48844 — CVSS 7.7 (high): Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT -…
CVE-2024-48843 — CVSS 7.7 (high): Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT -…
CVE-2024-11316 — CVSS 7.5 (high): Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT -…
CVE-2023-0636 — CVSS 7.2 (high): Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021…
CVE-2024-48846 — CVSS 7.1 (high): Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system…