Sign-up

ID

VAR-202505-3350


CVE

CVE-2024-13951


TITLE

ABB multiple product information leakage vulnerability (CNVD-2025-13332)

Trust: 0.6

sources: CNVD: CNVD-2025-13332

DESCRIPTION

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has information leakage vulnerabilities in many products

Trust: 1.44

sources: NVD: CVE-2024-13951 // CNVD: CNVD-2025-13332

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13332

AFFECTED PRODUCTS

vendor:abbmodel:aspect-enterprisescope:lteversion:<=3.08.03

Trust: 0.6

vendor:abbmodel:nexus seriesscope:lteversion:<=3.08.03

Trust: 0.6

vendor:abbmodel:matrix seriesscope:lteversion:<=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13332

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13951
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-13332
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-13332
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cybersecurity@ch.abb.com: CVE-2024-13951
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13332 // NVD: CVE-2024-13951

PROBLEMTYPE DATA

problemtype:CWE-760

Trust: 1.0

sources: NVD: CVE-2024-13951

PATCH

title:Patch for ABB multiple product information leakage vulnerability (CNVD-2025-13332)url:https://www.cnvd.org.cn/patchInfo/show/701486

Trust: 0.6

sources: CNVD: CNVD-2025-13332

EXTERNAL IDS

db:NVDid:CVE-2024-13951

Trust: 1.6

db:CNVDid:CNVD-2025-13332

Trust: 0.6

sources: CNVD: CNVD-2025-13332 // NVD: CVE-2024-13951

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13332 // NVD: CVE-2024-13951

SOURCES

db:CNVDid:CNVD-2025-13332
db:NVDid:CVE-2024-13951

LAST UPDATE DATE

2025-06-25T23:27:30.820000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-13332date:2025-06-24T00:00:00
db:NVDid:CVE-2024-13951date:2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-13332date:2025-06-24T00:00:00
db:NVDid:CVE-2024-13951date:2025-05-22T19:15:38.980