CVE-2024-13954

Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 3.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch

Configurations

No configuration.

History

23 May 2025, 15:54

Type	Values Removed	Values Added
Summary		(es) La información de configuración serializada puede divulgarse durante la puesta en servicio del dispositivo al utilizar el conjunto de herramientas de configuración de ASPECT. Este problema afecta a ASPECT-Enterprise: hasta 3.; Serie NEXUS: hasta 3.; Serie MATRIX: hasta 3.*.

22 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 19:15

Updated : 2025-05-23 15:54

NVD link : CVE-2024-13954

Mitre link : CVE-2024-13954

CVE.ORG link : CVE-2024-13954

JSON object : View

Products Affected

No product.

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-13954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-22T19:15:39.487", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch", "source": "cybersecurity@ch.abb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*."}, {"lang": "es", "value": "La informaci\u00f3n de configuraci\u00f3n serializada puede divulgarse durante la puesta en servicio del dispositivo al utilizar el conjunto de herramientas de configuraci\u00f3n de ASPECT. Este problema afecta a ASPECT-Enterprise: hasta 3.*; Serie NEXUS: hasta 3.*; Serie MATRIX: hasta 3.*."}], "lastModified": "2025-05-23T15:54:42.643", "sourceIdentifier": "cybersecurity@ch.abb.com"}