CVE-2024-48847
05.12.2024, 13:15
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01Enginsight
| Vendor | Product | Version |
|---|---|---|
| abb | aspect-ent-2_firmware | 𝑥 < 3.08.03 |
| abb | aspect-ent-256_firmware | 𝑥 < 3.08.03 |
| abb | aspect-ent-96_firmware | 𝑥 < 3.08.03 |
| abb | nexus-2128_firmware | 𝑥 < 3.08.03 |
| abb | nexus-2128-a_firmware | 𝑥 < 3.08.03 |
| abb | nexus-2128-f_firmware | 𝑥 < 3.08.03 |
| abb | nexus-2128-g_firmware | 𝑥 < 3.08.03 |
| abb | nexus-264_firmware | 𝑥 < 3.08.03 |
| abb | nexus-264-a_firmware | 𝑥 < 3.08.03 |
| abb | nexus-264-g_firmware | 𝑥 < 3.08.03 |
| abb | nexus-3-2128_firmware | 𝑥 < 3.08.03 |
| abb | aspect-ent-12_firmware | 𝑥 ≤ 3.08.01 |
| abb | nexus-264-f_firmware | 𝑥 < 3.08.03 |
| abb | nexus-3-264_firmware | 𝑥 ≤ 3.08.01 |
| abb | matrix-11_firmware | 𝑥 ≤ 3.08.01 |
| abb | matrix-216_firmware | 𝑥 ≤ 3.08.01 |
| abb | matrix-232_firmware | 𝑥 ≤ 3.08.01 |
| abb | matrix-264_firmware | 𝑥 ≤ 3.08.01 |
| abb | matrix-296_firmware | 𝑥 ≤ 3.08.01 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-328 - Use of Weak HashThe product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
- CWE-327 - Use of a Broken or Risky Cryptographic AlgorithmThe use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.