Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-48845

CVE-2024-48845: ABB ASPECT Firmware Auth Bypass Flaw

CVE-2024-48845 is an authentication bypass vulnerability in ABB ASPECT-ENT-2 firmware caused by weak password reset rules. This flaw enables unauthorized admin access. Explore technical details, affected versions, and mitigations.

Updated:

CVE-2024-48845 Overview

CVE-2024-48845 is a weak password requirements vulnerability [CWE-521] affecting ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series building automation controllers running firmware v3.07.02. The password reset rules permit users to store weak passwords, exposing administrative and application accounts to unauthorized access. An unauthenticated network attacker can target the affected controllers to gain administrative control over building management functions.

Critical Impact

Attackers can leverage weak passwords to obtain administrative or application-level access to ABB building automation controllers, compromising confidentiality and integrity of industrial control system operations.

Affected Products

  • ABB ASPECT - Enterprise v3.07.02 (ASPECT-Ent-2, ASPECT-Ent-12, ASPECT-Ent-96, ASPECT-Ent-256)
  • ABB NEXUS Series v3.07.02 (NEXUS-2128, NEXUS-264, NEXUS-3-2128, NEXUS-3-264, and -A/-F/-G variants)
  • ABB MATRIX Series v3.07.02 (MATRIX-11, MATRIX-216, MATRIX-232, MATRIX-264, MATRIX-296)

Discovery Timeline

  • 2024-12-05 - CVE-2024-48845 published to NVD
  • 2025-02-27 - Last updated in NVD database

Technical Details for CVE-2024-48845

Vulnerability Analysis

The vulnerability stems from insufficient password complexity enforcement in the password reset workflow of ABB ASPECT, NEXUS, and MATRIX controllers. The affected firmware accepts passwords that do not meet adequate strength requirements, allowing operators to set short, predictable, or easily guessable credentials for administrative and application accounts. Because these controllers expose web-based management interfaces, attackers can attempt credential guessing or brute-force attacks against publicly reachable devices.

The weakness is classified under [CWE-521: Weak Password Requirements]. The vulnerability is exploitable over the network without authentication or user interaction, and the EPSS probability is 5.468% at the 90th percentile, indicating elevated likelihood of exploitation activity compared to most published CVEs.

Root Cause

The affected firmware does not enforce a sufficient password policy during password creation or reset. Specifically, the password validation logic fails to require minimum length, character class diversity, or rejection of common dictionary terms. Stored credentials therefore include weak entries that fall within the search space of automated password attacks.

Attack Vector

An unauthenticated attacker with network access to the controller management interface can perform credential-guessing attacks against administrator or application accounts. Building automation controllers commonly bridge IT and operational technology networks, and ASPECT/NEXUS/MATRIX devices have been observed exposed to the public internet. Successful exploitation yields administrative or application-level access to building management functions, including HVAC, lighting, and access control subsystems.

No verified public proof-of-concept code is available for this issue. Refer to the ABB Security Advisory for vendor technical details.

Detection Methods for CVE-2024-48845

Indicators of Compromise

  • Repeated failed authentication attempts against ASPECT, NEXUS, or MATRIX web management endpoints from a single or distributed source
  • Successful administrator logins from unexpected geographic locations or outside maintenance windows
  • Unexpected changes to user accounts, password policies, or scheduled automation tasks on affected controllers
  • New or modified application-level credentials not aligned with change management records

Detection Strategies

  • Audit current password databases on affected controllers for entries that fall below acceptable complexity thresholds
  • Correlate authentication logs from ABB controllers with network access logs to identify brute-force or credential-stuffing patterns
  • Monitor for HTTP POST traffic to login and password-reset endpoints with high request rates from a single source
  • Cross-reference administrator session activity against approved engineering workstation inventories

Monitoring Recommendations

  • Forward ABB controller authentication and audit logs to a centralized SIEM for retention and analysis
  • Configure alerts on consecutive failed logins followed by a successful login from the same source IP
  • Track configuration export and account-modification events on building automation controllers
  • Periodically scan management network segments for unauthorized exposure of ABB controller interfaces

How to Mitigate CVE-2024-48845

Immediate Actions Required

  • Apply firmware updates referenced in the ABB security advisory to all ASPECT, NEXUS, and MATRIX controllers running v3.07.02
  • Force a password reset for every administrator and application account after upgrading, enforcing strong complexity rules
  • Remove direct internet exposure of controller web management interfaces and restrict access to engineering VLANs
  • Inventory all ABB building automation devices to confirm patch coverage across ASPECT, NEXUS, and MATRIX product lines

Patch Information

ABB has published remediation guidance in the vendor advisory. Refer to the ABB Security Advisory 9AKK108469A7497 for the corrected firmware versions and upgrade procedures applicable to each affected model.

Workarounds

  • Place controllers behind a firewall or VPN and limit management access to a restricted set of jump hosts
  • Implement network-level rate limiting and account lockout policies in front of the controller management interfaces
  • Require multi-factor authentication on upstream remote-access gateways used to reach OT networks
  • Conduct a manual audit of stored credentials and replace any weak passwords with values meeting organizational policy
bash
# Example: Restrict access to ABB controller management interface using iptables
# Allow only the engineering subnet, drop all other inbound HTTPS traffic
iptables -A INPUT -p tcp -s 10.20.30.0/24 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.