Cyber Resilience

CVE-2024-10334

High

Published: 10 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS v4 Score: 7.0
CVSS v4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:X
EPSS Score: 0.0011 (29.3rd percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10334 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in an ABB product (vendor inferred from references). Its CVSS v4 base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks at the 29.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2024-10334 is a vulnerability in the VideONet product included in ABB System 800xA versions 5.1.X, 6.0.3.X, 6.1.1.X, and 6.2.X where VideONet is used. Associated with CWE-256, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H).

An attacker with local access and low privileges can exploit the vulnerability with low attack complexity and without user interaction. In the worst case, successful exploitation could allow the attacker to stop or manipulate the video feed, with high confidentiality impact, low integrity impact, and high availability impact.

Mitigation details are outlined in the ABB security advisory at https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch.

Vulnerability details

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1552 Unsecured Credentials (Tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1489 Service Stop (Tactic: Impact)
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users.

Why these techniques?

CWE-256 plaintext password storage directly enables T1552 Unsecured Credentials; local exploitation to stop/manipulate video feed maps to T1489 Service Stop.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-35556 (shared CWE-256)
CVE-2025-27656 (shared CWE-256)
CVE-2025-27662 (shared CWE-256)
CVE-2026-33216 (shared CWE-256)
CVE-2025-36258 (shared CWE-256)
CVE-2024-55026 (shared CWE-256)
CVE-2024-41336 (shared CWE-256)
CVE-2026-21417 (shared CWE-256)
CVE-2021-47961 (shared CWE-256)
CVE-2025-21102 (shared CWE-256)

Affected Assets

ABB
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific VideONet vulnerability (CWE-256 plaintext password storage) through flaw identification, reporting, and correction in affected System 800xA versions, preventing exploitation.

prevent

Protects authenticator content like plaintext passwords from unauthorized disclosure and modification by low-privilege local attackers, addressing the root cause of the vulnerability.

prevent

Enforces least privilege to restrict low-privilege local users from accessing VideONet components or password storage needed to stop or manipulate video feeds.

References