Vulnerabilities > CVE-2024-6209 - Files or Directories Accessible to External Parties vulnerability in ABB products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

abb

CWE-552

NVD

Published: 2024-07-05

Updated: 2024-07-08

Summary

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <=3.08.01 ; MATRIX Series v<=3.08.01 allows Attacker to access files unauthorized

Vulnerable Configurations

Part	Description	Count
OS	Abb ABB Aspect ENT 12 Firmware - ABB Aspect ENT 12 Firmware 3.0.0 ABB Aspect ENT 12 Firmware 3.07.01 ABB Aspect ENT 12 Firmware 3.08.01 ABB Aspect ENT 2 Firmware - ABB Aspect ENT 2 Firmware 3.0.0 ABB Aspect ENT 2 Firmware 3.07.01 ABB Aspect ENT 2 Firmware 3.08.01 ABB Aspect ENT 256 Firmware - ABB Aspect ENT 256 Firmware 3.0.0 ABB Aspect ENT 256 Firmware 3.07.01 ABB Aspect ENT 256 Firmware 3.08.01 ABB Aspect ENT 96 Firmware - ABB Aspect ENT 96 Firmware 3.0.0 ABB Aspect ENT 96 Firmware 3.07.01 ABB Aspect ENT 96 Firmware 3.08.01 ABB Nexus 2128 Firmware - ABB Nexus 2128 Firmware 3.0.0 ABB Nexus 2128 Firmware 3.07.01 ABB Nexus 2128 Firmware 3.08.01 ABB Nexus 2128 A Firmware - ABB Nexus 2128 A Firmware 3.0.0 ABB Nexus 2128 A Firmware 3.07.01 ABB Nexus 2128 A Firmware 3.08.01 ABB Nexus 2128 F Firmware - ABB Nexus 2128 F Firmware 3.0.0 ABB Nexus 2128 F Firmware 3.07.01 ABB Nexus 2128 F Firmware 3.08.01 ABB Nexus 2128 G Firmware - ABB Nexus 2128 G Firmware 3.0.0 ABB Nexus 2128 G Firmware 3.07.01 ABB Nexus 2128 G Firmware 3.08.01 ABB Nexus 264 Firmware - ABB Nexus 264 Firmware 3.0.0 ABB Nexus 264 Firmware 3.07.01 ABB Nexus 264 Firmware 3.08.01 ABB Nexus 264 A Firmware - ABB Nexus 264 A Firmware 3.0.0 ABB Nexus 264 A Firmware 3.07.01 ABB Nexus 264 A Firmware 3.08.01 ABB Nexus 264 F Firmware - ABB Nexus 264 F Firmware 3.0.0 ABB Nexus 264 F Firmware 3.07.01 ABB Nexus 264 F Firmware 3.08.01 ABB Nexus 264 G Firmware - ABB Nexus 264 G Firmware 3.0.0 ABB Nexus 264 G Firmware 3.07.01 ABB Nexus 264 G Firmware 3.08.01 ABB Nexus 3 2128 Firmware - ABB Nexus 3 2128 Firmware 3.0.0 ABB Nexus 3 2128 Firmware 3.07.01 ABB Nexus 3 2128 Firmware 3.08.01 ABB Nexus 3 264 Firmware - ABB Nexus 3 264 Firmware 3.0.0 ABB Nexus 3 264 Firmware 3.07.01 ABB Nexus 3 264 Firmware 3.08.01 ABB Matrix 11 Firmware - ABB Matrix 11 Firmware 3.0.0 ABB Matrix 11 Firmware 3.07.01 ABB Matrix 11 Firmware 3.08.01 ABB Matrix 216 Firmware - ABB Matrix 216 Firmware 3.0.0 ABB Matrix 216 Firmware 3.07.01 ABB Matrix 216 Firmware 3.08.01 ABB Matrix 232 Firmware - ABB Matrix 232 Firmware 3.0.0 ABB Matrix 232 Firmware 3.07.01 ABB Matrix 232 Firmware 3.08.01 ABB Matrix 264 Firmware - ABB Matrix 264 Firmware 3.0.0 ABB Matrix 264 Firmware 3.07.01 ABB Matrix 264 Firmware 3.08.01 ABB Matrix 296 Firmware - ABB Matrix 296 Firmware 3.0.0 ABB Matrix 296 Firmware 3.07.01 ABB Matrix 296 Firmware 3.08.01	76
Hardware	Abb ABB Aspect ENT 12 - ABB Aspect ENT 2 - ABB Aspect ENT 256 - ABB Aspect ENT 96 - ABB Nexus 2128 - ABB Nexus 2128 A - ABB Nexus 2128 F - ABB Nexus 2128 G - ABB Nexus 264 - ABB Nexus 264 A - ABB Nexus 264 F - ABB Nexus 264 G - ABB Nexus 3 2128 - ABB Nexus 3 264 - ABB Matrix 11 - ABB Matrix 216 - ABB Matrix 232 - ABB Matrix 264 - ABB Matrix 296 -	19

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964