Cyber Posture

CVE-2024-48849

Critical

Published: 29 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: vendor advisory (linked under Deeper analysis)
CVSS Score: 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
EPSS Score: 0.0015 (35.5th percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-48849 is a critical-severity Missing Origin Validation in WebSockets (CWE-1385) vulnerability in ABB FLXEON (vendor inferred from the references and description; NVD filed no CPE). Its CVSS v3.1 base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 35.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SC-23 Session Authenticity (prevent)

Protects the authenticity of WebSocket and HTTPS communication sessions, directly addressing the insufficient session management that lets unauthorized requests through when the origin is not validated.

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for access to system resources over WebSockets and HTTPS, so that an unauthenticated attacker riding a weak session cannot perform privileged actions.

SI-10 Information Input Validation (prevent)

Validates information inputs such as the WebSocket Origin header during the handshake, which is the specific check whose absence (CWE-1385) enables the unauthorized HTTPS requests.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated exploitation of a public-facing WebSocket/HTTPS service due to missing origin validation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

Deeper analysis

CVE-2024-48849 is a Missing Origin Validation in WebSockets vulnerability (CWE-1385) in ABB FLXEON: session management was not sufficient to prevent unauthorized HTTPS requests. It affects FLXEON versions up to and including 9.3.4. The CVSS v3.1 base score is 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H), rated Critical because the flaw is reachable over the network without privileges and carries high integrity and availability impact.

The vector scores the attack as network-reachable, low complexity, unauthenticated and without user interaction, with low confidentiality impact but high impact on integrity and availability, so a successful attacker can issue actions over the WebSocket/HTTPS session rather than merely read from it. One caveat when assessing exposure: CWE-1385 is the weakness class behind cross-site WebSocket hijacking, in which a page on an attacker-controlled origin has a logged-in user's browser open the socket and the server, lacking an Origin check, accepts the browser's ambient session. Exposure therefore also depends on FLXEON operators browsing other sites while authenticated, so limiting the network reachability of the management interface reduces the direct case but does not by itself remove the cross-site one.
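As an added example (not ABB or FLXEON code; the advisory does not disclose the product's internals), the following Python shows the Origin check a WebSocket endpoint should perform during the HTTP upgrade, next to the permissive behaviour CWE-1385 describes. The header values, the session cookie and the allowlisted origin bms.example.internal are constructed for illustration.

```python
"""Origin validation on a WebSocket upgrade handshake (added example, not FLXEON code).

Compares the permissive 'accept any upgrade that carries a session cookie' behaviour
(the CWE-1385 failure mode) with a hardened check that canonicalises and allowlists
the Origin header before completing the upgrade.
"""
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Origins permitted to open authenticated WebSocket sessions (constructed values;
# a real deployment reads these from configuration).
ALLOWED_ORIGINS: Set[str] = {"https://bms.example.internal", "https://bms.example.internal:8443"}


def canonical_origin(origin: str) -> Optional[str]:
    """Canonicalise an Origin value to 'scheme://host:port' for exact matching.

    Returns None for anything that must never match an allowlist: empty value, the
    opaque origin 'null' (sandboxed iframes, file:, data:), non-http(s) schemes,
    a bad port, or userinfo/path/query/fragment (a browser never sends those in Origin).
    """
    value = (origin or "").strip()
    if not value or value.lower() == "null":
        return None
    try:
        parts = urlsplit(value)
        port = parts.port  # ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username or parts.password:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if ":" in host:  # IPv6 literal: keep the bracketed form so host:port stays unambiguous
        host = f"[{host}]"
    return f"{parts.scheme}://{host}:{port}"


def handshake_allowed_vulnerable(headers: Dict[str, str]) -> bool:
    """The CWE-1385 behaviour: any upgrade with a session cookie is accepted and the
    Origin header is never consulted, so a page on attacker.example can open a socket
    that rides the victim's existing session."""
    h = {k.lower(): v for k, v in headers.items()}
    return h.get("upgrade", "").lower() == "websocket" and "sessionid=" in h.get("cookie", "")


def handshake_allowed(headers: Dict[str, str], allowed: Set[str] = ALLOWED_ORIGINS) -> bool:
    """Hardened decision for a WebSocket upgrade request (header names case-insensitive).

    Rules:
      * it must actually be an 'Upgrade: websocket' request with Connection: Upgrade;
      * if Origin is present it must canonicalise to an allowlisted origin;
      * if the request carries a Cookie (an ambient credential a cross-site page can
        make the browser attach) then Origin is mandatory, so a cookie without Origin
        is refused;
      * a request with neither Cookie nor Origin is a non-browser client and is left
        to the application's explicit authentication (bearer token, client cert).
    """
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False
    if "upgrade" not in [t.strip().lower() for t in h.get("connection", "").split(",")]:
        return False
    allowed_canon = {c for c in (canonical_origin(o) for o in allowed) if c}
    if "origin" in h:
        return canonical_origin(h["origin"]) in allowed_canon
    return "cookie" not in h  # no Origin: only acceptable without an ambient cookie


# Constructed handshake headers, shaped like a browser's upgrade request.
LEGIT = {
    "Host": "bms.example.internal",
    "Upgrade": "websocket",
    "Connection": "keep-alive, Upgrade",
    "Origin": "https://bms.example.internal",
    "Cookie": "sessionid=c0ffee42",
    "Sec-WebSocket-Key": "dGhlIHNhbXBsZSBub25jZQ==",
    "Sec-WebSocket-Version": "13",
}
CROSS_SITE = dict(LEGIT, Origin="https://attacker.example")        # same cookie, foreign page
NO_ORIGIN_WITH_COOKIE = {k: v for k, v in LEGIT.items() if k != "Origin"}

if __name__ == "__main__":
    for name, hdrs in (("same-origin", LEGIT), ("cross-site", CROSS_SITE), ("cookie, no Origin", NO_ORIGIN_WITH_COOKIE)):
        print(f"{name:18} vulnerable={handshake_allowed_vulnerable(hdrs)!s:5} hardened={handshake_allowed(hdrs)}")
```

The rule that matters is the cookie one: a cross-site page can make the browser attach the victim's session cookie to the upgrade request, so when a cookie is present the Origin header is the only signal that separates the legitimate front end from a foreign page. Canonicalising both sides before comparison removes the usual mismatches (case, default port, trailing slash), and treating the opaque origin null as untrusted covers the sandboxed-iframe case. A per-session token carried in the upgrade URL or in the first frame is a sensible second layer, in line with the SC-23 recommendation above.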

Mitigation details are available in the vendor advisory at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch.

Details

CWE(s)

CWE-1385 Missing Origin Validation in WebSockets

Affected Products

ABB FLXEON, versions up to and including 9.3.4
(vendor inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-34403 (shared CWE-1385)
CVE-2025-24964 (shared CWE-1385)
CVE-2025-68930 (shared CWE-1385)
CVE-2026-35589 (shared CWE-1385)
