ID

VAR-202505-2760


CVE

CVE-2024-13954


TITLE

ABB multiple product information leakage vulnerability (CNVD-2025-13421)

Trust: 0.6

sources: CNVD: CNVD-2025-13421

DESCRIPTION

Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. Multiple ABB products have an information disclosure vulnerability caused by the insecure storage of sensitive information. Attackers can exploit this vulnerability to obtain serialized configuration information.

Trust: 1.44

sources: NVD: CVE-2024-13954 // CNVD: CNVD-2025-13421

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13421

AFFECTED PRODUCTS

vendor: abb, model: aspect-enterprise, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: nexus series, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: matrix series, scope: lte, version: <=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13421

CVSS

SEVERITY

cybersecurity@ch.abb.com: CVE-2024-13954
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-13421
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-13421
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13954
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13421 // NVD: CVE-2024-13954

PROBLEMTYPE DATA

problemtype: CWE-922

Trust: 1.0

sources: NVD: CVE-2024-13954

PATCH

title: Patch for ABB multiple product information leakage vulnerability (CNVD-2025-13421), url: https://www.cnvd.org.cn/patchInfo/show/701766

Trust: 0.6

sources: CNVD: CNVD-2025-13421

EXTERNAL IDS

db: NVD, id: CVE-2024-13954

Trust: 1.6

db: CNVD, id: CNVD-2025-13421

Trust: 0.6

sources: CNVD: CNVD-2025-13421 // NVD: CVE-2024-13954

REFERENCES

url: https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13421 // NVD: CVE-2024-13954

SOURCES

db: CNVD, id: CNVD-2025-13421
db: NVD, id: CVE-2024-13954

LAST UPDATE DATE

2025-06-26T23:18:23.068000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13421, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13954, date: 2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13421, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13954, date: 2025-05-22T19:15:39.487