ID

VAR-202505-4062


CVE

CVE-2024-48850


TITLE

ABB Multiple Product Catalog Traversal Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2025-13772

DESCRIPTION

Absolute File Traversal vulnerabilities in ASPECT allow access to and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications.

Trust: 1.44

sources: NVD: CVE-2024-48850 // CNVD: CNVD-2025-13772

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13772

AFFECTED PRODUCTS

vendor: abb
model: aspect-enterprise
scope: lte
version: <=3.08.03

Trust: 0.6

vendor: abb
model: nexus series
scope: lte
version: <=3.08.03

Trust: 0.6

vendor: abb
model: matrix series
scope: lte
version: <=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13772

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-48850
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-13772
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-13772
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cybersecurity@ch.abb.com: CVE-2024-48850
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13772 // NVD: CVE-2024-48850

PROBLEMTYPE DATA

problemtype: CWE-36

Trust: 1.0

sources: NVD: CVE-2024-48850

PATCH

title: Patch for ABB Multiple Product Catalog Traversal Vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/702306

Trust: 0.6

sources: CNVD: CNVD-2025-13772

EXTERNAL IDS

db: NVD
id: CVE-2024-48850

Trust: 1.6

db: CNVD
id: CNVD-2025-13772

Trust: 0.6

sources: CNVD: CNVD-2025-13772 // NVD: CVE-2024-48850

REFERENCES

url: https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-48850

Trust: 0.6

sources: CNVD: CNVD-2025-13772 // NVD: CVE-2024-48850

SOURCES

db: CNVD
id: CNVD-2025-13772

db: NVD
id: CVE-2024-48850

LAST UPDATE DATE

2025-06-27T23:05:13.902000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-13772
date: 2025-06-26T00:00:00

db: NVD
id: CVE-2024-48850
date: 2025-05-23T15:55:02.040

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-13772
date: 2025-06-26T00:00:00

db: NVD
id: CVE-2024-48850
date: 2025-05-22T17:15:23.050