CVE-2024-51549— Absolute Path Traversal

CVSS 10.0 · Critical EPSS 0.30% · P53 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-51549

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Absolute Path Traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

绝对路径遍历

Source: NVD (National Vulnerability Database)

Vulnerability Title

ABB ASPECT 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ABB ASPECT是瑞士ABB公司的一个可扩展建筑能源管理和控制解决方案。 ABB ASPECT存在安全漏洞，该漏洞源于包含一个绝对文件遍历漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
ABB	ASPECT-Enterprise	0 ~ 3.08.02	-
ABB	NEXUS Series	0 ~ 3.08.02	-
ABB	MATRIX Series	0 ~ 3.08.02	-

II. Public POCs for CVE-2024-51549

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-51549

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-51549

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

CVE-2024-51555	10.0 CRITICAL	Force Change of Default Credentials
CVE-2024-51551	10.0 CRITICAL	Default Credentials
CVE-2024-51550	10.0 CRITICAL	Data Validation / Sanitization
CVE-2024-51545	10.0 CRITICAL	Username Enumeration
CVE-2024-11317	10.0 CRITICAL	PHP Session Fixation
CVE-2024-48839	10.0 CRITICAL	Remote Code Execution, RCE
CVE-2024-48840	10.0 CRITICAL	Unauthorized Access
CVE-2024-51548	9.9 CRITICAL	Dangerous File Upload
CVE-2024-6784	9.9 CRITICAL	SSRF Server Side Request Forgery
CVE-2024-6515	9.6 CRITICAL	unauthorized file access
CVE-2024-48845	9.4 CRITICAL	Weak Password Rules/Strength
CVE-2024-51554	9.1 CRITICAL	off-by-one-error
CVE-2024-6516	9.0 CRITICAL	Cross Site Scripting XSS
CVE-2024-48847	8.2 HIGH	MD5 bypass operation
CVE-2024-51541	8.2 HIGH	Local File Inclusion
CVE-2024-51542	8.2 HIGH	Configuration Download
CVE-2024-51543	8.2 HIGH	Information Disclosure
CVE-2024-51544	8.2 HIGH	Service Control
CVE-2024-48844	7.7 HIGH	Denial of Service, DoS
CVE-2024-48843	7.7 HIGH	Denial of Service, DoS

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ASPECT-Enterprise

Same vendor: ABB

Same weakness: CWE-36

V. Comments for CVE-2024-51549

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-51549— Absolute Path Traversal

I. Basic Information for CVE-2024-51549

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-51549

III. Intelligence Information for CVE-2024-51549

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-51549

Leave a comment