CVE-2024-48849

Summary

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

Affected Software

VendorProductVersion RangeStatus
ABBFLXEON0 <= <= 9.3.4affected

Weaknesses

  • CWE-1385: CWE-1385: Missing Origin Validation in WebSockets

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References