CRITICAL🇵🇱 Wersja polska

CVE-2024-48841

CVSS 10.0v4.0pub. 2025-01-27upd. 2026-04-15

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

🤖 AI Analysis
How it works

An attacker with network access to the FLXEON device can send a specially crafted request that leads to execution of arbitrary system commands (command injection, CWE-77). The vulnerability does not require authentication, user interaction, or special attack conditions. Code execution occurs with elevated privileges, giving the attacker full control of the system.

Impact

An attacker can remotely take full control of the device by executing arbitrary code with elevated privileges, which may lead to violation of confidentiality, integrity, and availability of both the device itself and systems connected to it.

Mitigation & patch

Apply patches available from the manufacturer according to references (ABB documentation number 9AKK108470A5684). Until the update is implemented, it is recommended to isolate FLXEON devices from untrusted networks and restrict network access to the minimum through firewall or network segmentation.

Who is affected

ABB FLXEON version 9.3.4 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References