CVE-2024-4007 HIGH

CVE-2024-4007: Hard coded default credential contained in install package

Vendor Abb
Product ASPECT Enterprise (ASP-ENT-x)
Weakness CWE-1392
Published July 1, 2024
Last update August 1, 2024

CVSS base score

8.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red

What the vulnerability does

01Description

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

Key dates

02Disclosure timeline

July 1, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE