CVE-2024-4007

Summary

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

Affected Software

VendorProductVersion RangeStatus
ABBASPECT Enterprise (ASP-ENT-x)3.07affected
ABBNEXUS Series (NEX-2x, NEXUS-3-x)3.07affected
ABBMATRIX Series(MAT-x)3.07affected

Weaknesses

  • CWE-1392: CWE-1392: Use of Default Credentials

Workarounds

ASPECT system shall not be connected directly to untrusted networks such as the Internet. If remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular network segment where ASPECT is installed and configured in. Note: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components. Any default credentials shall be exchanged with a unique credential supporting adequate strength.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References