
abb nexus 2128 a firmware

28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-51547
<= 3.08.03
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPEC
9.8 CRITICAL
CVE-2024-6784
< 3.08.03
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended i
9.9 CRITICAL
CVE-2024-6516
< 3.08.03
Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser.
9.0 CRITICAL
CVE-2024-6515
< 3.08.03
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability
9.6 CRITICAL
CVE-2024-51554
< 3.08.03
Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials.
9.1 CRITICAL
CVE-2024-51551
<= 3.07.02
Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials.
10.0 CRITICAL
CVE-2024-51550
< 3.08.03
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect
10.0 CRITICAL
CVE-2024-51549
< 3.08.03
Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPEC
10.0 CRITICAL
CVE-2024-51548
< 3.08.03
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02;
9.9 CRITICAL
CVE-2024-51546
< 3.08.03
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enter
7.5 HIGH
CVE-2024-51545
< 3.08.03
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected
10.0 CRITICAL
CVE-2024-51544
< 3.08.03
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB
8.2 HIGH
CVE-2024-51543
< 3.08.03
Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT -
8.2 HIGH
CVE-2024-51542
< 3.08.03
Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - E
8.2 HIGH
CVE-2024-51541
< 3.08.03
Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise
8.2 HIGH
CVE-2024-48847
< 3.08.03
MD5 Checksum Bypass vulnerabilities were found exploiting a weakness in the way an application dependency calculates or validates
8.2 HIGH
CVE-2024-48846
< 3.08.03
Cross Site Request Forgery vulnerabilities were found providing a potential for exposing sensitive information or changing syste
7.1 HIGH
CVE-2024-48845
< 3.08.03
Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of weak passwords that could facili
9.4 CRITICAL
CVE-2024-48844
< 3.08.03
Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB AS
7.7 HIGH
CVE-2024-48843
< 3.08.03
Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB AS
7.7 HIGH
CVE-2024-48840
< 3.08.03
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS S
10.0 CRITICAL
CVE-2024-48839
< 3.08.03
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NE
10.0 CRITICAL
CVE-2024-11317
< 3.08.03
Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login providing an opportunity for ses
10.0 CRITICAL
CVE-2024-11316
< 3.08.03
Filesize Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB
7.5 HIGH
CVE-2024-6298
<= 3.08.01
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 a
10.0 CRITICAL
CVE-2024-6209
<= 3.08.01
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 a
10.0 CRITICAL
CVE-2023-0636
>= 3.0.0 and < 3.07.01
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202
7.2 HIGH
CVE-2023-0635
>= 3.0.0 and < 3.07.01
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG10
7.8 HIGH
threatengine.sh