CVE-2024-4007
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red
Summary
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | ASPECT Enterprise (ASP-ENT-x) | 3.07 | affected |
| ABB | NEXUS Series (NEX-2x, NEXUS-3-x) | 3.07 | affected |
| ABB | MATRIX Series(MAT-x) | 3.07 | affected |
Weaknesses
- CWE-1392: CWE-1392: Use of Default Credentials
Workarounds
ASPECT system shall not be connected directly to untrusted networks such as the Internet. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured in. Note: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components. Any default credentials shall be exchanged with a unique credential supporting adequate strength.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.