CVE-2024-4008

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 9.6
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

18 Jun 2024, 17:00

Type	Values Removed	Values Added
First Time		Abb 2tma310011b0001 Firmware Abb 2tma310011b0003 Abb Abb 2tma310011b0002 Firmware Abb 2tma310010b0003 Abb 2tma310010b0001 Abb 2tma310011b0003 Firmware Abb 2tma310010b0001 Firmware Abb 2tma310011b0001 Abb 2tma310011b0002 Abb 2tma310010b0003 Firmware
CPE		cpe:2.3:h:abb:2tma310010b0003:-:::::::* cpe:2.3:o:abb:2tma310011b0001_firmware:::::::: cpe:2.3:h:abb:2tma310010b0001:-:::::::* cpe:2.3:o:abb:2tma310010b0003_firmware:::::::: cpe:2.3:o:abb:2tma310010b0001_firmware:::::::: cpe:2.3:h:abb:2tma310011b0002:-:::::::* cpe:2.3:h:abb:2tma310011b0001:-:::::::* cpe:2.3:o:abb:2tma310011b0003_firmware:::::::: cpe:2.3:h:abb:2tma310011b0003:-:::::::* cpe:2.3:o:abb:2tma310011b0002_firmware::::::::
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch -~~	() https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.6~~	v2 : unknown v3 : 8.8

06 Jun 2024, 14:17

Type	Values Removed	Values Added
Summary		(es) La fuga de FDSK en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante tomar el control mediante el acceso al sistema de bus KNX local

05 Jun 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-05 18:15

Updated : 2024-11-21 09:42

NVD link : CVE-2024-4008

Mitre link : CVE-2024-4008

CVE.ORG link : CVE-2024-4008

JSON object : View

Products Affected

abb

2tma310011b0001_firmware
2tma310011b0003_firmware
2tma310011b0002_firmware
2tma310010b0001
2tma310011b0003
2tma310010b0003_firmware
2tma310010b0003
2tma310011b0001
2tma310010b0001_firmware
2tma310011b0002

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-4008", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"safety": "NEGLIGIBLE", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.3, "automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:D/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-05T18:15:11.113", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System"}, {"lang": "es", "value": "La fuga de FDSK en ABB, Busch-Jaeger, FTS Display (versi\u00f3n 1.00) y BCU (versi\u00f3n 1.3.0.33) permite al atacante tomar el control mediante el acceso al sistema de bus KNX local"}], "lastModified": "2024-11-21T09:42:01.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FB4E951-BB1E-49EF-89E1-5FC528E7C39F", "versionEndExcluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5887B6A4-F626-43C0-B660-18E9BCB7573A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47B72D86-BE3B-4E5E-AF78-D15B7BAAFB07", "versionEndExcluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF081477-A638-403C-B964-512AD9D778A1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF7134CF-B90B-44C5-9AE9-634AD6390C82", "versionEndExcluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2040D08-9289-452C-87A1-0FDE70923797"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90A07BBA-AC3C-43A4-87F5-B7873DE0E83E", "versionEndExcluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAB58037-6EC4-4816-B310-2D8000A1FF74"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9125F6EB-0667-47AD-B2EA-F48FF5FE4D63", "versionEndExcluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D74D97B-D726-445F-9E69-9A613D466629"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@ch.abb.com"}

9.6 /10