ID

VAR-202505-3533


CVE

CVE-2024-13948


TITLE

ABB multiple product information leakage vulnerability (CNVD-2025-13423)

Trust: 0.6

sources: CNVD: CNVD-2025-13423

DESCRIPTION

Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. These ABB products have an information disclosure vulnerability caused by incorrect default permissions. Attackers can exploit this vulnerability to obtain sensitive configuration information.

Trust: 1.44

sources: NVD: CVE-2024-13948 // CNVD: CNVD-2025-13423

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13423

AFFECTED PRODUCTS

vendor: abb, model: aspect-enterprise, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: nexus series, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: matrix series, scope: lte, version: <=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13423

CVSS

SEVERITY

cybersecurity@ch.abb.com: CVE-2024-13948
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-13423
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-13423
severity: MEDIUM
baseScore: 5.2
vectorString: AV:L/AC:L/AU:S/C:C/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13948
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13423 // NVD: CVE-2024-13948

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.0

sources: NVD: CVE-2024-13948

PATCH

title: Patch for ABB multiple product information leakage vulnerability (CNVD-2025-13423)
url: https://www.cnvd.org.cn/patchInfo/show/701776

Trust: 0.6

sources: CNVD: CNVD-2025-13423

EXTERNAL IDS

db: NVD, id: CVE-2024-13948

Trust: 1.6

db: CNVD, id: CNVD-2025-13423

Trust: 0.6

sources: CNVD: CNVD-2025-13423 // NVD: CVE-2024-13948

REFERENCES

url: https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13423 // NVD: CVE-2024-13948

SOURCES

db: CNVD, id: CNVD-2025-13423
db: NVD, id: CVE-2024-13948

LAST UPDATE DATE

2025-06-27T23:13:48.458000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13423, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13948, date: 2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13423, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13948, date: 2025-05-22T19:15:38.457