Sign-up

ID

VAR-202505-2598


CVE

CVE-2024-13953


TITLE

ABB products have information leakage vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2025-13330

DESCRIPTION

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has information leakage vulnerabilities in many products

Trust: 1.44

sources: NVD: CVE-2024-13953 // CNVD: CNVD-2025-13330

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13330

AFFECTED PRODUCTS

vendor:abbmodel:aspect-enterprisescope:lteversion:<=3.08.03

Trust: 0.6

vendor:abbmodel:nexus seriesscope:lteversion:<=3.08.03

Trust: 0.6

vendor:abbmodel:matrix seriesscope:lteversion:<=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13330

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13953
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-13330
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-13330
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cybersecurity@ch.abb.com: CVE-2024-13953
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13330 // NVD: CVE-2024-13953

PROBLEMTYPE DATA

problemtype:CWE-359

Trust: 1.0

sources: NVD: CVE-2024-13953

PATCH

title:Patch for ABB products have information leakage vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/701461

Trust: 0.6

sources: CNVD: CNVD-2025-13330

EXTERNAL IDS

db:NVDid:CVE-2024-13953

Trust: 1.6

db:CNVDid:CNVD-2025-13330

Trust: 0.6

sources: CNVD: CNVD-2025-13330 // NVD: CVE-2024-13953

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13330 // NVD: CVE-2024-13953

SOURCES

db:CNVDid:CNVD-2025-13330
db:NVDid:CVE-2024-13953

LAST UPDATE DATE

2025-06-25T23:27:08.087000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-13330date:2025-06-24T00:00:00
db:NVDid:CVE-2024-13953date:2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-13330date:2025-06-24T00:00:00
db:NVDid:CVE-2024-13953date:2025-05-22T19:15:39.320