PatchSiren cyber security CVE debrief
CVE-2024-51547 ABB CVE debrief
CVE-2024-51547 is a critical firmware credential exposure issue affecting ABB ASPECT®-Enterprise and related NEXUS/MATRIX series products. CISA’s advisory published on 2025-02-05 states that several hard-coded credentials for product internal use are stored in the firmware as plain text, with affected releases including ASP-ENT-x, NEX-2x, NEXUS-3-x, and MAT-x up to version 3.08.03. The advisory rates the issue CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and recommends immediate isolation of internet-exposed systems, tighter physical access control, secure remote access, log protection, and firmware updates.
- Vendor
- ABB
- Product
- ASPECT®-Enterprise
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-05
- Original CVE updated
- 2025-02-05
- Advisory published
- 2025-02-05
- Advisory updated
- 2025-02-05
Who should care
OT/ICS operators, plant engineers, asset owners, and security teams responsible for ABB ASPECT-Enterprise, NEXUS, or MATRIX deployments—especially any devices reachable from the internet or through remote access paths.
Technical summary
The advisory identifies hard-coded internal-use credentials embedded in firmware as plain text, which can create a severe access-control weakness if the firmware is obtained or the credentials are otherwise discovered. Affected products listed in the CSAF advisory are ASP-ENT-x <= 3.08.03, NEX-2x <= 3.08.03, NEXUS-3-x <= 3.08.03, and MAT-x <= 3.08.03. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-reachable, no-privilege attack conditions with potentially complete confidentiality, integrity, and availability impact.
Defensive priority
Immediate / highest priority for any exposed ABB ASPECT-Enterprise, NEXUS, or MATRIX deployment.
Recommended defensive actions
- Inventory ABB ASPECT-Enterprise, NEXUS, NEXUS-3-x, and MATRIX devices and confirm whether any are running version 3.08.03 or earlier.
- If any affected systems are exposed directly to the internet or via NAT port forwarding, disconnect them until they are upgraded and access controls are reviewed.
- Upgrade all affected ABB firmware to the latest version available from the vendor product homepage.
- Restrict physical access to devices, peripheral equipment, and associated networks to prevent unauthorized access to the firmware or supporting assets.
- Protect exported log files and other downloaded equipment data against unauthorized access.
- Use only secure remote-access methods; if VPN is required, ensure it is current and configured securely.
- Review authentication and access-control assumptions for any integrations or maintenance workflows that may rely on embedded credentials.
Evidence notes
This debrief is based on the CISA CSAF advisory for ICSA-25-051-01 and the linked ABB/CISA references supplied in the corpus. The source states only that several hard-coded credentials for internal product use are present in firmware as plain text, and it identifies the affected ABB product families and versions. No exploit chain, public exploitation, or KEV listing is provided in the supplied corpus, so those details are not asserted here.
Official resources
-
CVE-2024-51547 CVE record
CVE.org
-
CVE-2024-51547 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory published by CISA on 2025-02-05. The supplied enrichment does not list this CVE in CISA KEV as of the advisory record.