Refine your search
1 vulnerability found for nexus-3-2128_firmware by abb
CVE-2024-4007 (GCVE-0-2024-4007)
Vulnerability from nvd
Published
2024-07-01 12:06
Modified
2024-08-01 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1392 - Use of Default Credentials
Summary
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | ASPECT Enterprise (ASP-ENT-x) |
Version: 3.07 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-2_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-2_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-96_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-96_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-a_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-a_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-f_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-f_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-g_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-g_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-a_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264-a_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-f_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264-f_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-g_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nexus-264-g_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-3-2128_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-3-2128_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-3-264_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-3-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-11_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-11_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-216_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-216_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-232_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-232_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-264_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-12_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-12_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-256_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-256_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-296_firmware:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-296_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.07.02",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:33:48.062617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T14:13:05.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/aspect-enterprise",
"defaultStatus": "unaffected",
"packageName": "Installer",
"platforms": [
"Linux"
],
"product": "ASPECT Enterprise (ASP-ENT-x)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.07"
}
]
},
{
"collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/nexus-series",
"defaultStatus": "unaffected",
"packageName": "Installer",
"platforms": [
"Linux"
],
"product": "NEXUS Series (NEX-2x, NEXUS-3-x)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.07"
}
]
},
{
"collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/matrix",
"defaultStatus": "unaffected",
"packageName": "Installer",
"platforms": [
"Linux"
],
"product": "MATRIX Series(MAT-x)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB likes to thank https://divd.nl for reporting the vulnerability in responsible disclosure."
}
],
"datePublic": "2024-07-01T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.\u003cbr\u003e"
}
],
"value": "Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T00:10:15.764Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nABB Strongly recommends the following actions on any released SW version of ASPECT:\n- Change the PHPmyAdmin Password according to the system manual:\u0026nbsp; All customers who operate the ASPECT System with its default password are recommended to replace this default password with a unique, secure password, containing a\nmix of characters, numbers, and special characters with at least 10 characters in length.\n- Never expose open ports to the ASPECT product towards the Internet or any insecure network.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).\nRecognize that VPNs may have vulnerabilities and should be updated to the most current version\navailable. Also, understand that VPNs are only as secure as the connected devices.\n- ABB recommends that customers shall apply the latest product update at the earliest convenience.\n\n\n\u003cbr\u003e"
}
],
"value": "ABB Strongly recommends the following actions on any released SW version of ASPECT:\n- Change the PHPmyAdmin Password according to the system manual:\u00a0 All customers who operate the ASPECT System with its default password are recommended to replace this default password with a unique, secure password, containing a\nmix of characters, numbers, and special characters with at least 10 characters in length.\n- Never expose open ports to the ASPECT product towards the Internet or any insecure network.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).\nRecognize that VPNs may have vulnerabilities and should be updated to the most current version\navailable. Also, understand that VPNs are only as secure as the connected devices.\n- ABB recommends that customers shall apply the latest product update at the earliest convenience."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hard coded default credential contained in install package",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nASPECT system shall not be connected directly to untrusted networks such as the Internet.\nIf remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular\nnetwork segment where ASPECT is installed and configured in.\nNote: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components.\nAny default credentials shall be exchanged with a unique credential supporting adequate strength. \n\n\u003cbr\u003e"
}
],
"value": "ASPECT system shall not be connected directly to untrusted networks such as the Internet.\nIf remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular\nnetwork segment where ASPECT is installed and configured in.\nNote: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components.\nAny default credentials shall be exchanged with a unique credential supporting adequate strength."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-4007",
"datePublished": "2024-07-01T12:06:53.048Z",
"dateReserved": "2024-04-19T17:08:37.839Z",
"dateUpdated": "2024-08-01T20:26:57.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}