ABB ASPECT-Enterprise, NEXUS, and MATRIX Series

Plan PatchCVSS 9.8ICS-CERT ICSA-25-051-01Feb 5, 2025

ABBEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB ASPECT-Enterprise, NEXUS, and MATRIX series devices (firmware version 3.08.03 and earlier) contain an authentication bypass vulnerability (CWE-798: hardcoded credentials or equivalent). An attacker can obtain unauthorized access to devices without proper credentials. ABB has not released patches for any of these product lines and recommends workarounds including disconnecting exposed devices, enforcing network segregation, and using secure remote access methods only when necessary.

What this means

What could happen

An attacker could gain unauthorized access to ABB ASPECT, NEXUS, or MATRIX control system devices without credentials, potentially allowing them to modify process settings, disable safety interlocks, or shut down critical operations.

Who's at risk

Energy utilities and manufacturing facilities operating ABB ASPECT-Enterprise, NEXUS, or MATRIX series automation controllers should assess whether these devices are exposed on networks or the Internet. End-of-life equipment without vendor patches will require network isolation to be safe.

How it could be exploited

An attacker on the network where these devices are reachable could bypass authentication and directly access the device management interface or command structure. If the device is exposed to the Internet (via direct connection or port forwarding), the attacker does not need to be on your internal network.

Prerequisites

Network access to the affected ABB device (can be remote if exposed to Internet)
No credentials required

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)no patch available (all affected versions end-of-life)affects control system devices that can alter operations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 EOL

ProductAffected VersionsFix Status

MAT-x <=3.08.03≤ 3.08.03No fix (EOL)

ASP-ENT-x <= 3.08.03≤ 3.08.03No fix (EOL)

NEX-2x <=3.08.03≤ 3.08.03No fix (EOL)

NEXUS-3-x <=3.08.03≤ 3.08.02No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

WORKAROUNDImmediately disconnect from the Internet any ABB ASPECT, NEXUS, or MATRIX device that is directly exposed (either via direct ISP connection or NAT port forwarding)

HARDENINGIf remote access to ABB devices is required, deploy a secure VPN connection and ensure the VPN is updated to the latest version

HARDENINGRestrict network access to ABB devices using firewall rules; devices should be reachable only from authorized workstations or engineering networks, not from the general corporate network or Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement physical access controls to prevent unauthorized personnel from connecting to or modifying ABB device configurations

HARDENINGProtect log files downloaded from ABB devices with access controls to prevent unauthorized review or tampering

CVEs (1)

CVE-2024-51547

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c6d36a57-7066-4327-819e-e5d98e43e8fe

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.