CVE-2024-6298

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6298
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*
History

08 Jul 2024, 15:35

Type Values Removed Values Added
First Time Abb aspect-ent-96
Abb matrix-296
Abb nexus-264-g Firmware
Abb nexus-2128-g
Abb aspect-ent-12
Abb nexus-264 Firmware
Abb nexus-3-2128
Abb nexus-2128 Firmware
Abb aspect-ent-2
Abb matrix-216 Firmware
Abb nexus-264-f Firmware
Abb aspect-ent-12 Firmware
Abb nexus-3-264
Abb aspect-ent-2 Firmware
Abb nexus-264-f
Abb matrix-11
Abb nexus-264
Abb matrix-232
Abb nexus-3-2128 Firmware
Abb nexus-2128-a
Abb matrix-11 Firmware
Abb matrix-216
Abb nexus-2128-f Firmware
Abb nexus-2128-a Firmware
Abb matrix-264 Firmware
Abb nexus-2128-f
Abb aspect-ent-256
Abb
Abb aspect-ent-96 Firmware
Abb nexus-264-a Firmware
Abb nexus-264-a
Abb nexus-2128
Abb aspect-ent-256 Firmware
Abb matrix-264
Abb matrix-232 Firmware
Abb nexus-3-264 Firmware
Abb matrix-296 Firmware
Abb nexus-2128-g Firmware
Abb nexus-264-g
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE NVD-CWE-noinfo
CPE cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*
References () https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964 - () https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964 - Vendor Advisory

05 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de validación de entrada incorrecta en ABB ASPECT-Enterprise en Linux, ABB NEXUS Series en Linux, ABB MATRIX Series en Linux permite la inclusión remota de código. Este problema afecta a ASPECT-Enterprise: hasta 3.08.01; Serie NEXUS: hasta el 3.08.01; Serie MATRIX: hasta el 3.08.01.

05 Jul 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-05 11:15

Updated : 2024-07-08 15:35

NVD link : CVE-2024-6298

Mitre link : CVE-2024-6298

CVE.ORG link : CVE-2024-6298

JSON object : View

Products Affected

abb

  • matrix-264
  • nexus-264
  • matrix-216
  • aspect-ent-2_firmware
  • nexus-2128
  • aspect-ent-2
  • nexus-264-f
  • aspect-ent-12_firmware
  • matrix-232
  • aspect-ent-12
  • nexus-3-264_firmware
  • nexus-2128-f
  • nexus-264-f_firmware
  • nexus-2128-f_firmware
  • matrix-11_firmware
  • nexus-264-a_firmware
  • matrix-296
  • aspect-ent-96
  • nexus-264_firmware
  • nexus-2128-a_firmware
  • nexus-3-2128_firmware
  • nexus-3-2128
  • matrix-264_firmware
  • matrix-296_firmware
  • aspect-ent-256_firmware
  • matrix-232_firmware
  • aspect-ent-96_firmware
  • matrix-11
  • nexus-3-264
  • matrix-216_firmware
  • aspect-ent-256
  • nexus-2128_firmware
  • nexus-2128-a
  • nexus-2128-g_firmware
  • nexus-264-g_firmware
  • nexus-264-g
  • nexus-2128-g
  • nexus-264-a
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation