ABB Advisory Warns of RCE Threat with CVSS 10.0 Severity

Summary: ABB has issued a cybersecurity advisory regarding several critical vulnerabilities in its FLXeon controllers, which could lead to remote code execution, unauthorized access, and information disclosure. The vulnerabilities, affecting firmware versions 9.3.4 and older, are classified as CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852, with high CVSS scores. Customers are urged to upgrade to firmware version 9.3.5 to address these issues.

Affected: ABB FLXeon controllers

Key points:

  • CVE-2024-48841 (CVSS 10.0): Allows remote code execution through improper control of filenames in PHP programs.
  • CVE-2024-48849 (CVSS 9.4): Inadequate session management enables unauthorized HTTPS requests, compromising authentication.
  • CVE-2024-48852 (CVSS 9.4): Sensitive data may be disclosed via HTTPS, risking confidentiality of information.
  • ABB advises that FLXeon devices should not be internet-facing and must be protected behind firewalls.
  • Customers are strongly recommended to update to firmware version 9.3.5 to mitigate these vulnerabilities.
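As an added example (not part of the advisory or any ABB tooling), a small Python triage helper that checks an asset inventory of FLXeon firmware version strings against the advisory's affected range (9.3.4 and older affected, 9.3.5 fixed). Hostnames and version strings below are constructed; the numeric comparison avoids the common string-compare pitfall where "9.10.x" sorts below "9.3.5".

```python
"""Triage helper for the ABB FLXeon advisory (added example, not ABB code).
Affected range and fixed version are taken from the advisory text."""
import re
from typing import Dict, List, Optional, Tuple

LAST_AFFECTED = (9, 3, 4)          # "firmware versions 9.3.4 and older"
FIXED_VERSION = (9, 3, 5)          # version the advisory recommends
ADVISORY_CVES = ("CVE-2024-48841", "CVE-2024-48849", "CVE-2024-48852")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'major.minor[.patch]' (optional leading 'v') into an int tuple.

    Integer tuples compare numerically, so (9, 10, 0) > (9, 3, 5), whereas a
    plain string compare would wrongly rank "9.10.0" below "9.3.5".
    Returns None for anything unparseable so callers can flag it for review."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version is 9.3.4 or older, False if 9.3.5+, None if unknown."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v <= LAST_AFFECTED


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (hostname, firmware) pair to a human-readable triage status."""
    fixed = ".".join(map(str, FIXED_VERSION))
    result: Dict[str, str] = {}
    for host, ver in inventory:
        state = is_affected(ver)
        if state is None:
            result[host] = "unknown version, review manually"
        elif state:
            result[host] = f"AFFECTED ({', '.join(ADVISORY_CVES)}): upgrade to {fixed}"
        else:
            result[host] = "not affected"
    return result


# Constructed sample inventory: hostnames and versions are invented for this example.
SAMPLE_INVENTORY = [
    ("flx-plant-01", "9.3.4"),   # last affected release
    ("flx-plant-02", "9.3.5"),   # fixed release
    ("flx-plant-03", "9.10.1"),  # newer than 9.3.5 despite "10" < "3" as strings
    ("flx-plant-04", "9.2"),     # patch omitted, still older than 9.3.5
    ("flx-plant-05", "n/a"),     # inventory gap: needs manual review
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```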

Source: https://securityonline.info/abb-advisory-warns-of-cve-2024-48841-rce-threat-with-cvss-10-0-severity/