VARIoT IoT vulnerabilities database


VAR-202505-2079 CVE-2022-31812 Siemens' SiPass integrated Out-of-bounds read vulnerability in
CVSS V2: -
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out-of-bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. Siemens' SiPass integrated contains an out-of-bounds read vulnerability. It may be put into a denial-of-service (DoS) state.
VAR-202505-2761 CVE-2024-13945 ABB multiple products path traversal vulnerability (CNVD-2025-13774)
CVSS V2: 7.3
CVSS V3: 6.0
Severity: High
Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications.
VAR-202505-4248 CVE-2024-51553 ABB products predict file name vulnerability
CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT and others are products of ABB of Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution. Many ABB products have a predictable file name vulnerability, which can be exploited by attackers to leak sensitive information.
VAR-202505-3144 CVE-2024-51552 ABB products have weak password storage vulnerabilities
CVSS V2: 7.3
CVSS V3: 6.0
Severity: High
Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution.
VAR-202505-3345 CVE-2024-48848 Denial of Service Vulnerabilities in Multiple ABB Products
CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
Large content vulnerabilities are present in ASPECT, exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT and others are products of ABB of Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution. Many ABB products have a denial of service vulnerability, which is caused by disk overuse. Attackers can exploit this vulnerability to cause system resource exhaustion.
VAR-202505-3887 CVE-2024-13958 ABB products have cross-site scripting vulnerabilities (CNVD-2025-13777)
CVSS V2: 4.7
CVSS V3: 4.8
Severity: Medium
Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a cross-site scripting vulnerability in many products. No detailed vulnerability details are currently available.
VAR-202505-4265 CVE-2024-13956 ABB products have trust management vulnerabilities
CVSS V2: 8.0
CVSS V3: 6.7
Severity: High
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have a trust management issue vulnerability, which is caused by credential leakage and may lead to SSL authentication bypass. No detailed vulnerability details are provided at this time.
VAR-202505-4071 CVE-2024-13955 SQL injection vulnerabilities in multiple ABB products
CVSS V2: 10.0
CVSS V3: 8.8
Severity: Critical
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have a SQL injection vulnerability that can lead to a second-order SQL injection attack due to credential leakage. An attacker can use this vulnerability to view, add, modify or delete information in the backend database.
VAR-202505-2760 CVE-2024-13954 ABB multiple product information leakage vulnerability (CNVD-2025-13421)
CVSS V2: 5.8
CVSS V3: 6.5
Severity: Medium
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has an information disclosure vulnerability in many products, which is caused by the insecure storage of sensitive information. Attackers can exploit this vulnerability to obtain serialized configuration information.
VAR-202505-2598 CVE-2024-13953 ABB products have information leakage vulnerabilities
CVSS V2: 6.1
CVSS V3: 4.9
Severity: Medium
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has information leakage vulnerabilities in many products.
VAR-202505-3718 CVE-2024-13952 ABB products have code injection vulnerabilities
CVSS V2: 8.3
CVSS V3: 8.4
Severity: High
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have a code injection vulnerability that may lead to file name prediction attacks due to credential leakage. No detailed vulnerability details are currently available.
VAR-202505-3350 CVE-2024-13951 ABB multiple product information leakage vulnerability (CNVD-2025-13332)
CVSS V2: 8.0
CVSS V3: 7.6
Severity: Medium
One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has information leakage vulnerabilities in many products.
VAR-202505-2938 CVE-2024-13950 ABB products have cross-site scripting vulnerabilities
CVSS V2: 6.1
CVSS V3: 6.8
Severity: Medium
Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a cross-site scripting vulnerability in many products that can be exploited by attackers to access and inject malicious browser scripts.
VAR-202505-2939 CVE-2024-13949 ABB products have security bypass vulnerabilities
CVSS V2: 6.1
CVSS V3: 6.8
Severity: Medium
Large content vulnerabilities are present in ASPECT, exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a security bypass vulnerability in multiple products. The vulnerability is caused by credential leakage, which may lead to excessive disk usage. No detailed vulnerability details are currently provided.
VAR-202505-3533 CVE-2024-13948 ABB multiple product information leakage vulnerability (CNVD-2025-13423)
CVSS V2: 5.2
CVSS V3: 7.3
Severity: Medium
Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have information disclosure vulnerabilities caused by incorrect default permissions. Attackers can exploit this vulnerability to obtain sensitive configuration information.
VAR-202505-4266 CVE-2024-13947 ABB multiple product information leakage vulnerability (CNVD-2025-13425)
CVSS V2: 7.3
CVSS V3: 6.0
Severity: High
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB products have information disclosure vulnerabilities caused by incorrect default permissions. Attackers can exploit this vulnerability to obtain sensitive configuration information.
VAR-202505-4072 CVE-2024-13946 ABB's multiple product code vulnerabilities
CVSS V2: 6.4
CVSS V3: 6.8
Severity: High
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a code issue vulnerability in many products, which is caused by an uncontrolled search path element defect. An attacker can exploit this vulnerability to execute arbitrary code on the system.
VAR-202505-4019 CVE-2025-30172 ABB multiple products code injection vulnerability (CNVD-2025-13765)
CVSS V2: 6.8
CVSS V3: 8.0
Severity: High
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a code injection vulnerability in many products that can be exploited by attackers to execute code.
VAR-202505-3492 CVE-2025-30170 ABB multiple product information leakage vulnerability (CNVD-2025-13766)
CVSS V2: 6.8
CVSS V3: 5.5
Severity: Medium
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications.
VAR-202505-3302 CVE-2025-30169 ABB multiple product code issues vulnerability (CNVD-2025-13598)
CVSS V2: 8.0
CVSS V3: 6.7
Severity: Medium
File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ABB has a code issue vulnerability in many products that can be exploited by attackers to cause PHP script injection.