ID

VAR-202505-4266


CVE

CVE-2024-13947


TITLE

ABB multiple product information leakage vulnerability (CNVD-2025-13425)

Trust: 0.6

sources: CNVD: CNVD-2025-13425

DESCRIPTION

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have information disclosure vulnerabilities caused by incorrect default permissions. Attackers can exploit this vulnerability to obtain sensitive configuration information.

Trust: 1.44

sources: NVD: CVE-2024-13947 // CNVD: CNVD-2025-13425

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13425

AFFECTED PRODUCTS

vendor: abb, model: aspect-enterprise, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: nexus series, scope: lte, version: <=3.08.03

Trust: 0.6

vendor: abb, model: matrix series, scope: lte, version: <=3.08.03

Trust: 0.6

sources: CNVD: CNVD-2025-13425

CVSS

SEVERITY

cybersecurity@ch.abb.com: CVE-2024-13947
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-13425
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-13425
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:L/AU:M/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cybersecurity@ch.abb.com: CVE-2024-13947
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13425 // NVD: CVE-2024-13947

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.0

sources: NVD: CVE-2024-13947

PATCH

title: Patch for ABB multiple product information leakage vulnerability (CNVD-2025-13425)
url: https://www.cnvd.org.cn/patchInfo/show/701786

Trust: 0.6

sources: CNVD: CNVD-2025-13425

EXTERNAL IDS

db: NVD, id: CVE-2024-13947

Trust: 1.6

db: CNVD, id: CNVD-2025-13425

Trust: 0.6

sources: CNVD: CNVD-2025-13425 // NVD: CVE-2024-13947

REFERENCES

url: https://search.abb.com/library/download.aspx?documentid=9akk108471a0021&languagecode=en&documentpartid=pdf&action=launch

Trust: 1.6

sources: CNVD: CNVD-2025-13425 // NVD: CVE-2024-13947

SOURCES

db: CNVD, id: CNVD-2025-13425
db: NVD, id: CVE-2024-13947

LAST UPDATE DATE

2025-06-27T23:18:36.908000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13425, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13947, date: 2025-05-23T15:54:42.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13425, date: 2025-06-25T00:00:00
db: NVD, id: CVE-2024-13947, date: 2025-05-22T19:15:38.280