Skip to main content

CVE-2024-13947: CWE-863 Incorrect Authorization in ABB ASPECT-Enterprise

High
VulnerabilityCVE-2024-13947cvecve-2024-13947cwe-863
Published: Thu May 22 2025 (05/22/2025, 18:13:28 UTC)
Source: CVE
Vendor/Project: ABB
Product: ASPECT-Enterprise

Description

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

AI-Powered Analysis

AILast updated: 07/08/2025, 07:10:31 UTC

Technical Analysis

CVE-2024-13947 is a high-severity vulnerability classified under CWE-863 (Incorrect Authorization) affecting ABB's ASPECT-Enterprise and related products including the NEXUS and MATRIX Series through version 3.*. The vulnerability allows an external actor to modify device commissioning parameters if administrative credentials are compromised. This indicates that once an attacker gains administrative-level credentials, they can bypass proper authorization checks to alter critical configuration settings on the affected systems. The vulnerability is network exploitable (AV:N) with low attack complexity (AC:L), but requires privileged access (PR:H) and partial authentication (AT:P). No user interaction is needed (UI:N). The impact on confidentiality is high, while integrity and availability impacts are low to limited. The scope is high, meaning the vulnerability affects components beyond the initially vulnerable component. The vulnerability is currently not known to be exploited in the wild and no patches have been linked yet. The affected products are industrial control and enterprise management systems used for device commissioning and operational management, which are critical in industrial automation environments. Incorrect authorization here can lead to unauthorized changes in device configurations, potentially causing operational disruptions or safety risks if maliciously altered.

Potential Impact

For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities that rely on ABB's ASPECT-Enterprise and associated control systems, this vulnerability poses a significant risk. Unauthorized modification of device commissioning parameters could lead to misconfiguration, operational downtime, or safety incidents. Given the reliance on these systems for industrial automation, the integrity of operational technology (OT) environments could be compromised, potentially affecting production continuity and safety compliance. The high confidentiality impact also raises concerns about sensitive operational data exposure. Since administrative credentials are required for exploitation, the threat is heightened in environments where credential management is weak or where insider threats exist. The lack of known exploits in the wild provides a window for proactive mitigation, but the high severity score underscores the urgency for European organizations to address this vulnerability promptly.

Mitigation Recommendations

1. Enforce strict administrative credential management policies including multi-factor authentication (MFA) for all administrative access to ASPECT-Enterprise and related systems. 2. Implement network segmentation to isolate industrial control systems from general IT networks and limit access to only authorized personnel and systems. 3. Monitor and audit administrative access logs continuously to detect any unauthorized or suspicious activities promptly. 4. Apply principle of least privilege to administrative accounts to minimize the number of users with high-level access. 5. Regularly update and patch ABB products as soon as official fixes become available; engage with ABB support channels to obtain patches or workarounds. 6. Conduct security awareness training focused on credential protection and phishing prevention to reduce the risk of credential compromise. 7. Employ intrusion detection and prevention systems tailored for OT environments to identify anomalous configuration changes. 8. Develop and test incident response plans specific to OT system compromise scenarios to ensure rapid containment and recovery.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
ABB
Date Reserved
2025-05-08T12:07:14.660Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682f6b520acd01a249264614

Added to database: 5/22/2025, 6:22:10 PM

Last enriched: 7/8/2025, 7:10:31 AM

Last updated: 8/16/2025, 6:14:34 PM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats