Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-05 CVE-2024-48845 Unspecified vulnerability in ABB products
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
network
low complexity
abb
critical
9.8
2024-12-05 CVE-2024-48847 Use of a Broken or Risky Cryptographic Algorithm vulnerability in ABB products
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.  Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01
network
low complexity
abb CWE-327
critical
9.1
2024-12-05 CVE-2024-51545 Unspecified vulnerability in ABB products
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
network
low complexity
abb
critical
9.8
2024-12-05 CVE-2024-51549 Path Traversal vulnerability in ABB products
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
network
low complexity
abb CWE-22
critical
9.4
2024-12-05 CVE-2024-51550 Unspecified vulnerability in ABB products
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
network
low complexity
abb
critical
9.8
2024-12-05 CVE-2024-51551 Use of Hard-coded Credentials vulnerability in ABB products
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
network
low complexity
abb CWE-798
critical
10.0
2024-12-05 CVE-2024-51554 Off-by-one Error vulnerability in ABB products
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
network
low complexity
abb CWE-193
critical
9.8
2024-12-05 CVE-2024-6784 Server-Side Request Forgery (SSRF) vulnerability in ABB products
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
network
low complexity
abb CWE-918
critical
9.9
2024-12-05 CVE-2024-12187 SQL Injection vulnerability in 1000Projects Library Management System 1.0
A vulnerability was found in 1000 Projects Library Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-12-05 CVE-2024-12188 SQL Injection vulnerability in 1000Projects Library Management System 1.0
A vulnerability was found in 1000 Projects Library Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8