Details of VAR-202505-3492

ID

VAR-202505-3492

CVE

CVE-2025-30170

TITLE

ABB multiple product information leakage vulnerability (CNVD-2025-13766)

Trust: 0.6

sources: CNVD: CNVD-2025-13766

DESCRIPTION

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications

Trust: 1.44

sources: NVD: CVE-2025-30170 // CNVD: CNVD-2025-13766

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13766

AFFECTED PRODUCTS

vendor:	abb	model:	aspect-enterprise	scope:	lte	version:	<=3.08.03	Trust: 0.6
vendor:	abb	model:	nexus series	scope:	lte	version:	<=3.08.03	Trust: 0.6
vendor:	abb	model:	matrix series	scope:	lte	version:	<=3.08.03	Trust: 0.6

sources: CNVD: CNVD-2025-13766

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@ch.abb.com:	CVE-2025-30170
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-13766
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-13766
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:M/C:C/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cybersecurity@ch.abb.com:	CVE-2025-30170
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	4.2
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-13766 // NVD: CVE-2025-30170

PROBLEMTYPE DATA

problemtype:

CWE-497

Trust: 1.0

sources: NVD: CVE-2025-30170

PATCH

title:

Patch for ABB multiple product information leakage vulnerability (CNVD-2025-13766)

url:

https://www.cnvd.org.cn/patchInfo/show/702261

Trust: 0.6

sources: CNVD: CNVD-2025-13766

EXTERNAL IDS

db:	NVD	id:	CVE-2025-30170	Trust: 1.6
db:	CNVD	id:	CNVD-2025-13766	Trust: 0.6

sources: CNVD: CNVD-2025-13766 // NVD: CVE-2025-30170

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-30170	Trust: 0.6

sources: CNVD: CNVD-2025-13766 // NVD: CVE-2025-30170

SOURCES

db:	CNVD	id:	CNVD-2025-13766
db:	NVD	id:	CVE-2025-30170

LAST UPDATE DATE

2025-06-27T23:11:39.387000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13766	date:	2025-06-26T00:00:00
db:	NVD	id:	CVE-2025-30170	date:	2025-05-23T15:55:02.040

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13766	date:	2025-06-26T00:00:00
db:	NVD	id:	CVE-2025-30170	date:	2025-05-22T18:15:41.670