CVE-2024-10334
Published: 10 February 2025
Summary
CVE-2024-10334 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in Abb (inferred from references). Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2024-10334 is a vulnerability in the VideONet product included in ABB System 800xA versions 5.1.X, 6.0.3.X, 6.1.1.X, and 6.2.X where VideONet is used. Associated with CWE-256, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H).
An attacker with local access, low privileges, and able to meet low complexity requirements can exploit the vulnerability without user interaction. Successful exploitation could allow the attacker to stop or manipulate the video feed in the worst case, achieving high confidentiality impact, low integrity impact, and high availability impact.
Mitigation details are outlined in the ABB security advisory at https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5061
Vulnerability details
A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects…
more
System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-256 plaintext password storage directly enables T1552 Unsecured Credentials; local exploitation to stop/manipulate video feed maps to T1489 Service Stop.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the specific VideONet vulnerability (CWE-256 plaintext password storage) through flaw identification, reporting, and correction in affected System 800xA versions, preventing exploitation.
Protects authenticator content like plaintext passwords from unauthorized disclosure and modification by low-privilege local attackers, addressing the root cause of the vulnerability.
Enforces least privilege to restrict low-privilege local users from accessing VideONet components or password storage needed to stop or manipulate video feeds.