ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
Act Now10ICS-CERT ICSA-25-007-01Jan 7, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Multiple critical vulnerabilities exist in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products affecting firmware versions 3.08.02 and earlier. Vulnerabilities include authentication bypasses (CWE-352), improper input validation (CWE-79, CWE-36), unsafe deserialization (CWE-502), cross-site request forgery (CWE-352), and code injection flaws (CWE-94, CWE-98) that allow remote code execution without credentials. The vulnerability set spans 20 distinct CVEs with a combined CVSS score of 10.0. ABB has released patched versions 3.08.02 and 3.08.03 to address these issues.
What this means
What could happen
An attacker could disrupt manufacturing operations or execute commands on ASPECT-Enterprise, NEXUS, or MATRIX control system devices. Multiple critical vulnerabilities could allow remote code execution without authentication, potentially altering process setpoints, stopping equipment, or compromising operational visibility.
Who's at risk
Manufacturing organizations using ABB ASPECT-Enterprise (ASP-ENT-x), NEXUS (NEX-2x, NEXUS-3-x), or MATRIX (MAT-x) series automation and control systems should prioritize patching. These systems are typically deployed in production lines, manufacturing execution, and real-time process control roles.
How it could be exploited
An attacker on the network (or from the Internet if the device is exposed) can send malicious requests to the vulnerable control system. The combination of authentication bypasses, input validation flaws, and unsafe handling of user input allows the attacker to execute arbitrary code or commands directly on the device without needing valid credentials. The high CVSS score (10.0) and multiple CWEs (including code injection, CSRF, and path traversal) indicate multiple independent exploitation paths.
Prerequisites
- Network reachability to the affected ABB control system device (port and protocol dependent on specific vulnerability)
- No valid credentials required for exploitation
- Device must be running a vulnerable firmware version (3.08.02 or earlier for most vulnerabilities, 3.07.02 or earlier for CVE-2024-48845 and CVE-2024-51551/51555)
Remotely exploitable from networkNo authentication required for most attack pathsLow complexity exploitationCVSS score 10.0 (critical)EPSS score 41.6% (high exploit probability)Affects multiple product lines with widespread deploymentMultiple independent vulnerability chains (20+ CVEs)
Exploitability
High exploit probability (EPSS 41.6%)
Affected products (12)
12 with fix
ProductAffected VersionsFix Status
ASP-ENT-x <=3.08.01≤ 3.08.01>=3.08.02
NEX-2x <=3.08.01≤ 3.08.01>=3.08.02
MAT-x <=3.08.01≤ 3.08.01>=3.08.02
NEXUS-3-x <=3.08.01≤ 3.08.01>=3.08.02
ASP-ENT-x <=3.08.02≤ 3.08.02>=3.08.02
NEX-2x <=3.08.02≤ 3.08.02>=3.08.02
NEXUS-3-x <=3.08.02≤ 3.08.02>=3.08.02
MAT-x <=3.08.02≤ 3.08.02>=3.08.02
Remediation & Mitigation
0/6
Do now
0/2HARDENINGIsolate ASPECT-Enterprise, NEXUS, and MATRIX control systems from the Internet and business networks using a firewall or air gap
HARDENINGRestrict network access to these control systems to only authorized engineering and operational staff, blocking all unnecessary inbound connections
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate ASPECT-Enterprise, NEXUS, and MATRIX series devices to firmware version 3.08.03 or later to resolve the majority of reported vulnerabilities
HOTFIXFor devices on firmware 3.07.02 or earlier that cannot immediately update to 3.08.03, update to at least version 3.08.00 to resolve CVE-2024-48845, CVE-2024-51551, and CVE-2024-51555
Long-term hardening
0/2HARDENINGDeploy network segmentation to ensure control system devices are on a separate VLAN or subnet from IT infrastructure
HARDENINGIf remote access is required, implement a VPN with multi-factor authentication and keep VPN software updated to the latest version
CVEs (26)
CVE-2024-6515CVE-2024-6516CVE-2024-6784CVE-2024-48843CVE-2024-48844CVE-2024-48846CVE-2024-48839CVE-2024-48840CVE-2024-51541CVE-2024-51542CVE-2024-51543CVE-2024-51544CVE-2024-51545CVE-2024-51546CVE-2024-51548CVE-2024-51549CVE-2024-51550CVE-2024-51554CVE-2024-11316CVE-2024-11317CVE-2024-48845CVE-2024-51551CVE-2024-51555CVE-2024-6209CVE-2024-6298CVE-2024-48847
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/5f1db007-ea09-47c7-889d-de27bc823c7f