Sign-up

ID

VAR-202505-2761


CVE

CVE-2024-13945


TITLE

ABB multiple products path traversal vulnerability (CNVD-2025-13774)

Trust: 0.6

sources: CNVD: CNVD-2025-13774

DESCRIPTION

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications

Trust: 1.44

sources: NVD: CVE-2024-13945 // CNVD: CNVD-2025-13774

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13774

AFFECTED PRODUCTS

vendor:abbmodel:aspect-enterprisescope:lteversion:<=3.*

Trust: 0.6

vendor:abbmodel:nexus seriesscope:lteversion:<=3.*

Trust: 0.6

vendor:abbmodel:matrix seriesscope:lteversion:<=3.*

Trust: 0.6

sources: CNVD: CNVD-2025-13774

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13945
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-13774
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-13774
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:L/AU:M/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cybersecurity@ch.abb.com: CVE-2024-13945
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13774 // NVD: CVE-2024-13945

PROBLEMTYPE DATA

problemtype:CWE-36

Trust: 1.0

sources: NVD: CVE-2024-13945

PATCH

title:Patch for ABB multiple products path traversal vulnerability (CNVD-2025-13774)url:https://www.cnvd.org.cn/patchInfo/show/702316

Trust: 0.6

sources: CNVD: CNVD-2025-13774

EXTERNAL IDS

db:NVDid:CVE-2024-13945

Trust: 1.6

db:CNVDid:CNVD-2025-13774

Trust: 0.6

sources: CNVD: CNVD-2025-13774 // NVD: CVE-2024-13945

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13774 // NVD: CVE-2024-13945

SOURCES

db:CNVDid:CNVD-2025-13774
db:NVDid:CVE-2024-13945

LAST UPDATE DATE

2025-06-27T23:06:23.582000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-13774date:2025-06-26T00:00:00
db:NVDid:CVE-2024-13945date:2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-13774date:2025-06-26T00:00:00
db:NVDid:CVE-2024-13945date:2025-05-23T10:15:19.287