1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: ASPECT, NEXUS, MATRIX
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to assume control of the target device or perform a denial-of-service (DoS) attack.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ABB reports that the following products are affected:
- ABB ASPECT-Enterprise ASP-ENT-x: Versions prior to 3.08.04-s01
- ABB NEXUS Series NEX-2x: Versions prior to 3.08.04-s01
- ABB NEXUS Series NEXUS-3-x: Versions prior to 3.08.04-s01
- ABB MATRIX Series MAT-x: Versions prior to 3.08.04-s01
3.2 VULNERABILITY OVERVIEW
3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01.
CVE-2025-53187 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-53187. A base score of 9.3 has been calculated
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: