ABB ASPECT-Enterprise, NEXUS, and MATRIX Series

Act Now9.8ICS-CERT ICSA-25-051-01Feb 20, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB ASPECT-Enterprise, NEXUS, and MATRIX series controllers contain an authentication bypass vulnerability (CWE-798: hardcoded credentials or similar). Successful exploitation allows an attacker to gain unauthorized access to affected devices without providing valid credentials. Affected versions are ASPECT-Enterprise ≤3.08.03, NEXUS-2x ≤3.08.03, NEXUS-3-x ≤3.08.02, and MATRIX ≤3.08.03. ABB has not released patches for these products and recommends network isolation, firewall protection, and firmware updates to the latest available versions as mitigations.

What this means

What could happen

An attacker can gain unauthorized access to ABB automation controllers without credentials, potentially allowing them to modify production sequences, alter safety parameters, or halt manufacturing operations entirely.

Who's at risk

Manufacturing facilities using ABB ASPECT-Enterprise, NEXUS, or MATRIX series automation controllers for production sequencing, process control, or safety-critical functions. This includes discrete manufacturing plants, chemical processing facilities, and any operation relying on these controllers for core operations.

How it could be exploited

An attacker with network access to an exposed ASPECT, NEXUS, or MATRIX device can send a specially crafted request to bypass authentication mechanisms and obtain direct access to device functions. This could occur if the device is exposed to the Internet via port forwarding or direct ISP connection, or reachable from a compromised internal network.

Prerequisites

Network connectivity to the affected device on its management or protocol port
Device running vulnerable firmware version 3.08.03 or earlier
Device exposed to Internet or untrusted network (not required if attacker has internal access)

remotely exploitableno authentication requiredlow complexityno patch availableaffects industrial control systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

4 EOL

ProductAffected VersionsFix Status

MAT-x <=3.08.03≤ 3.08.03No fix (EOL)

ASP-ENT-x <= 3.08.03≤ 3.08.03No fix (EOL)

NEX-2x <=3.08.03≤ 3.08.03No fix (EOL)

NEXUS-3-x <=3.08.03≤ 3.08.02No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDImmediately disconnect any ASPECT-Enterprise, NEXUS, or MATRIX device directly exposed to the Internet or accessible via NAT port forwarding

HARDENINGSegment ASPECT automation devices behind firewalls on isolated industrial network; block inbound access from the Internet and untrusted networks

HARDENINGRequire VPN for any remote access to ASPECT devices; ensure VPN software is updated to the latest version and uses strong authentication

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade all ASPECT products to the latest available firmware version from ABB

HARDENINGImplement physical access controls to prevent unauthorized personnel from accessing devices, components, and network cables

HARDENINGSecure access to log files and configuration data exported from ASPECT equipment; use encryption and restrict file access

CVEs (1)

CVE-2024-51547

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c6d36a57-7066-4327-819e-e5d98e43e8fe