CVE-2024-6298

Improper Input Validation (CWE-20)

Published: Jul 5, 2024 / Updated: 4mo ago

010
CVSS 9.4EPSS 0.04%Critical
CVE info copied to clipboard

Summary

Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, and ABB MATRIX Series on Linux allows Remote Code Inclusion. This vulnerability affects ASPECT-Enterprise, NEXUS Series, and MATRIX Series versions through 3.08.01.

Impact

This vulnerability has a CVSS v3.1 base score of 9.8, which is considered CRITICAL. The attack vector is network-based, requires low attack complexity, and needs no user interaction or privileges. It can lead to high impacts on confidentiality, integrity, and availability of the affected systems. Successful exploitation could allow an attacker to execute arbitrary code remotely on the vulnerable systems, potentially leading to complete system compromise.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. ABB has released an update to address this vulnerability. The patch details can be found at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964

Mitigation

1. Immediately update all affected ABB products (ASPECT-Enterprise, NEXUS Series, and MATRIX Series) to versions newer than 3.08.01. 2. If immediate patching is not possible, implement network segmentation to isolate affected systems from untrusted networks. 3. Monitor systems for unusual activities or unauthorized access attempts. 4. Implement strong input validation mechanisms on all input points of the affected systems. 5. Apply the principle of least privilege to minimize the potential impact of successful exploitation. 6. Regularly review and update security configurations of the affected systems.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:H/U:Red

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6298

Jul 5, 2024 at 11:15 AM
First Article

Feedly found the first article mentioning CVE-2024-6298. See article

Jul 5, 2024 at 11:20 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 5, 2024 at 11:21 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jul 6, 2024 at 10:31 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Jul 8, 2024 at 3:40 PM / nvd
Static CVE Timeline Graph

Affected Systems

Abb/nexus-3-264_firmware
+null more

Patches

search.abb.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

CPAI-2024-0919
The post CPAI-2024-0919 appeared first on Check Point Software .
ABB Cylon Aspect 3.08.01 Remote Code Execution
Authored by LiquidWorm Site zeroscience.mk ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller. advisories CVE-2024-6298 Change Mirror Download ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution Vendor: ABB Ltd. Product web page:
ABB Cylon Aspect 3.08.01 Remote Code Execution
ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code ExecutionVendor: ABB Ltd.Product web page: ht
ABB Cylon Aspect 3.08.01 Remote Code Execution
ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code ExecutionVendor: ABB Ltd.Product web page: ht
ABB Cylon Aspect 3.08.01 Remote Code Execution exploit
See 12 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI