CVE-2024-4007

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ABBCNA
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
abbaspect-ent-12_firmware
𝑥
< 3.07.02
abbaspect-ent-2_firmware
𝑥
< 3.07.02
abbaspect-ent-256_firmware
𝑥
< 3.07.02
abbaspect-ent-96_firmware
𝑥
< 3.07.02
abbmatrix-11_firmware
𝑥
< 3.07.02
abbmatrix-216_firmware
𝑥
< 3.07.02
abbmatrix-232_firmware
𝑥
< 3.07.02
abbmatrix-264_firmware
𝑥
< 3.07.02
abbmatrix-296_firmware
𝑥
< 3.07.02
abbnexus-2128_firmware
𝑥
< 3.07.02
abbnexus-264_firmware
𝑥
< 3.07.02
abbnexus-3-2128_firmware
𝑥
< 3.07.02
abbnexus-3-264_firmware
𝑥
< 3.07.02
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101&LanguageCode=en&DocumentPartId=&Action=Launch