Primary

Context

ABB ASPECT, NEXUS, and MATRIX Series Applications Binary Planting Vulnerability Due to Unsigned DLLs

Vulnerability

A vulnerability exists in ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series applications, all through version 3.*, due to DLLs not being digitally signed when loaded in the ASPECT configuration toolset. This oversight exposes the application to binary planting attacks during device commissioning.

Impact

Exploitation of this vulnerability could lead to binary planting, allowing malicious DLLs to be loaded by the application, potentially leading to arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ABB ASPECT, NEXUS, and MATRIX Series Applications Binary Planting Vulnerability Due to Unsigned DLLs

Vulnerability

Impact

Affected Products

ABB ASPECT-Enterprise

ABB NEXUS

ABB MATRIX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating