Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

FLXEON

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-48852
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.9||MEDIUM
EPSS-1.34% / 79.27%
||
7 Day CHG+0.09%
Published-29 Jan, 2025 | 18:59
Updated-12 Feb, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosures

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4.

Action-Not Available
Vendor-ABB
Product-FLXEON
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-48849
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.74%
||
7 Day CHG+0.01%
Published-29 Jan, 2025 | 18:23
Updated-29 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication and Authorization Issues

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

Action-Not Available
Vendor-ABB
Product-FLXEON
CWE ID-CWE-1385
Missing Origin Validation in WebSockets
CVE-2024-48841
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-10||CRITICAL
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 19:25
Updated-14 Feb, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) Vulnerabilities

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

Action-Not Available
Vendor-ABB
Product-FLXEON
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')