Cyber Posture

CVE-2024-10334

High

Published: 10 February 2025

Published
10 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
EPSS Score 0.0011 29.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-10334 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in Abb (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the specific VideONet vulnerability (CWE-256 plaintext password storage) through flaw identification, reporting, and correction in affected System 800xA versions, preventing exploitation.

IA-5 Authenticator Management good match
prevent

Protects authenticator content like plaintext passwords from unauthorized disclosure and modification by low-privilege local attackers, addressing the root cause of the vulnerability.

AC-6 Least Privilege good match
prevent

Enforces least privilege to restrict low-privilege local users from accessing VideONet components or password storage needed to stop or manipulate video feeds.

NVD Description

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects…

more

System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.

Deeper analysisAI

CVE-2024-10334 is a vulnerability in the VideONet product included in ABB System 800xA versions 5.1.X, 6.0.3.X, 6.1.1.X, and 6.2.X where VideONet is used. Associated with CWE-256, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H).

An attacker with local access, low privileges, and able to meet low complexity requirements can exploit the vulnerability without user interaction. Successful exploitation could allow the attacker to stop or manipulate the video feed in the worst case, achieving high confidentiality impact, low integrity impact, and high availability impact.

Mitigation details are outlined in the ABB security advisory at https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch.

Details

CWE(s)
CWE-256

Affected Products

Abb
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-27656Shared CWE-256
CVE-2026-33216Shared CWE-256
CVE-2024-55026Shared CWE-256
CVE-2026-35556Shared CWE-256
CVE-2025-27662Shared CWE-256
CVE-2025-36258Shared CWE-256
CVE-2026-21417Shared CWE-256
CVE-2021-47961Shared CWE-256
CVE-2024-41336Shared CWE-256
CVE-2026-21660Shared CWE-256

References