VAR-202505-3882

Vulnerability from variot - Updated: 2025-06-27 23:08

An escalation-of-privilege vulnerability in ASPECT could give an attacker root access to a server when logged in as a non-root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB ASPECT and others are products of ABB of Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution.

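Many ABB products have a denial-of-service vulnerability, which is caused by disk overuse. Attackers can exploit this vulnerability to cause system resource exhaustion. (This paragraph appears to come from one of the CNVD entries aggregated into this record, whose patch titles also cover predictable file names and weak password storage, rather than from the CVE-2024-48853 description itself; check each CNVD ID separately when triaging.)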


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202505-3882",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aspect-enterprise",
        "scope": "lte",
        "trust": 2.4,
        "vendor": "abb",
        "version": "\u003c=3.08.03"
      },
      {
        "model": "nexus series",
        "scope": "lte",
        "trust": 2.4,
        "vendor": "abb",
        "version": "\u003c=3.08.03"
      },
      {
        "model": "matrix series",
        "scope": "lte",
        "trust": 2.4,
        "vendor": "abb",
        "version": "\u003c=3.08.03"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      }
    ]
  },
  "cve": "CVE-2024-48853",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2025-13773",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2025-13775",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2025-13731",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "MULTIPLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.4,
            "id": "CNVD-2025-13776",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:M/C:C/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "cybersecurity@ch.abb.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2024-48853",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "cybersecurity@ch.abb.com",
            "id": "CVE-2024-48853",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-13773",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-13775",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-13731",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-13776",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a \"non\" root ASPECT user. \u00a0This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB ASPECT and others are products of ABB of Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution. \n\nMany ABB products have a denial of service vulnerability, which is caused by disk overuse. Attackers can exploit this vulnerability to cause system resource exhaustion",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-48853",
        "trust": 3.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "id": "VAR-202505-3882",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      }
    ],
    "trust": 0.24
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.4
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      }
    ]
  },
  "last_update_date": "2025-06-27T23:08:26.012000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for ABB products have privilege escalation vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/702311"
      },
      {
        "title": "Patch for ABB products predict file name vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/702321"
      },
      {
        "title": "Patch for Denial of Service Vulnerabilities in Multiple ABB Products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/702326"
      },
      {
        "title": "Patch for ABB products have weak password storage vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/702336"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-286",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-48853"
      },
      {
        "trust": 1.6,
        "url": "https://search.abb.com/library/download.aspx?documentid=9akk108471a0021\u0026languagecode=en\u0026documentpartid=pdf\u0026action=launch"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "date": "2025-05-22T17:15:23.243000",
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13775"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13731"
      },
      {
        "date": "2025-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-13776"
      },
      {
        "date": "2025-05-23T15:55:02.040000",
        "db": "NVD",
        "id": "CVE-2024-48853"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB products have privilege escalation vulnerabilities",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-13773"
      }
    ],
    "trust": 0.6
  }
}

