CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 121140 / 279
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-51546 Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.7 1.47% 2024-12-05 2026-06-17
CVE-2024-51545 Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 9.3 0.42% 2024-12-05 2026-06-17
CVE-2024-51544 Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.8 13.52% 2024-12-05 2026-06-17
CVE-2024-51543 Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.8 0.29% 2024-12-05 2026-06-17
CVE-2024-51542 Configuration Download vulnerabilities allow access to dependency configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.8 0.30% 2024-12-05 2026-06-17
CVE-2024-51541 Local File Inclusion vulnerabilities allow access to sensitive system information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.8 0.29% 2024-12-05 2026-06-17
CVE-2024-48847 MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.  Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 8.8 0.26% 2024-12-05 2026-06-17
CVE-2024-48846 Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 7.1 0.66% 2024-12-05 2026-06-17
CVE-2024-48845 Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 9.3 1.80% 2024-12-05 2026-06-17
CVE-2024-48844 Denial of Service vulnerabilities where found providing a potiential for device service disruptions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 7.2 0.86% 2024-12-05 2026-06-17
CVE-2024-48843 Denial of Service vulnerabilities where found providing a potiential for device service disruptions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 7.6 0.27% 2024-12-05 2026-06-17
CVE-2024-48840 Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 9.3 2.07% 2024-12-05 2026-06-17
CVE-2024-48839 Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 9.3 2.85% 2024-12-05 2026-06-17
CVE-2024-11317 Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 9.3 0.43% 2024-12-05 2026-06-17
CVE-2024-11316 Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 8.7 0.58% 2024-12-05 2026-06-17
CVE-2024-10490 An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Autom 8.4 0.46% 2024-12-02 2026-06-17
CVE-2024-8036 ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node. 4.6 0.14% 2024-10-25 2026-06-17
CVE-2024-6157 An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 5.1 0.15% 2024-10-10 2026-06-17
CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session 5.1 0.24% 2024-08-29 2026-06-17
CVE-2024-5623 An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. 5.4 0.17% 2024-08-29 2026-06-17
cvelogic Threat Intelligence