Cyber Posture

CVE-2024-51547

Critical

Published: 06 February 2025
Modified: 23 May 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-51547 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in ABB ASPECT-ENT-2 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 33.9th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the hard-coded credentials vulnerability by requiring timely application of patches from the ABB advisory to eliminate the flaw.

prevent

Addresses mismanagement of authenticators by requiring verification, protection, and replacement of default or hard-coded credentials prior to use.

prevent

Mitigates remote unauthenticated network exploitation by enforcing boundary protections that limit access to affected ABB systems.

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

Hard-coded credentials directly enable use of default/embedded valid accounts for remote unauthenticated access and full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Deeper analysis

CVE-2024-51547 is a Use of Hard-coded Credentials vulnerability (CWE-798) affecting ABB ASPECT-Enterprise through version 3.*, ABB NEXUS Series through version 3.*, and ABB MATRIX Series through version 3.*. Published on 2025-02-06, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.

The vulnerability enables exploitation by unauthenticated remote attackers over the network with low complexity and no user interaction required. Successful exploitation allows attackers to leverage the hard-coded credentials for unauthorized access, potentially leading to full compromise of affected systems, including data exfiltration, modification, or disruption of services.

ABB has published a public advisory detailing the issue, available at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch. Security practitioners should consult this advisory for specific mitigation guidance and patch information.

Details

CWE(s)

CWE-798 (Use of Hard-coded Credentials)

Affected Products

Vendor  Product                   Affected versions
abb     aspect-ent-2 firmware     ≤ 3.08.03
abb     aspect-ent-256 firmware   ≤ 3.08.03
abb     aspect-ent-96 firmware    ≤ 3.08.03
abb     nexus-2128 firmware       ≤ 3.08.03
abb     nexus-2128-a firmware     ≤ 3.08.03
abb     nexus-2128-f firmware     ≤ 3.08.03
abb     nexus-2128-g firmware     ≤ 3.08.03
abb     nexus-264 firmware        ≤ 3.08.03
abb     nexus-264-a firmware      ≤ 3.08.03
abb     nexus-264-f firmware      ≤ 3.08.03
+9 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-24346 (Shared CWE-798)
CVE-2025-30122 (Shared CWE-798)
CVE-2026-23781 (Shared CWE-798)
CVE-2026-27785 (Shared CWE-798)
CVE-2026-26218 (Shared CWE-798)
CVE-2026-25803 (Shared CWE-798)
CVE-2026-29119 (Shared CWE-798)
CVE-2025-33089 (Shared CWE-798)
CVE-2026-22900 (Shared CWE-798)
CVE-2025-2343 (Shared CWE-798)
