CVE-2024-13951
📋 TL;DR
This vulnerability in ABB's ASPECT, NEXUS, and MATRIX series involves using predictable salts in one-way hash functions, potentially allowing attackers to crack hashed sensitive information like passwords. It affects all versions through 3.* of these industrial control system products. Attackers could gain unauthorized access to protected data.
💻 Affected Systems
- ASPECT-Enterprise
- NEXUS Series
- MATRIX Series
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers crack hashed credentials and gain administrative access to industrial control systems, enabling manipulation of critical infrastructure operations.
Likely Case
Attackers extract and crack hashed user credentials, gaining unauthorized access to system interfaces and potentially sensitive operational data.
If Mitigated
With proper network segmentation and access controls, impact is limited to credential exposure without system compromise.
🎯 Exploit Status
Exploitation requires obtaining hashed credentials first, but hash cracking with predictable salts is straightforward using standard tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 3.* (consult vendor advisory for specific fixed versions)
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch
Restart Required: Yes
Instructions:
1. Review vendor advisory for specific fixed versions.
2. Schedule maintenance window.
3. Backup system configuration.
4. Apply vendor-provided patches.
5. Restart affected systems.
6. Verify functionality.
🔧 Temporary Workarounds
Network segmentation and access controls
All platforms: Restrict network access to affected systems to prevent attackers from obtaining hashed credentials.
Credential rotation
All platforms: Change all user passwords after patching to ensure any previously exposed hashes are invalidated.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems from untrusted networks
- Enforce multi-factor authentication and regular credential rotation to limit impact of credential exposure
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions (through 3.*) in vendor documentation.
Check Version:
Check via system administration interface or consult vendor documentation for version checking procedure.
Verify Fix Applied:
Verify installed version is above 3.* or specifically listed as patched in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- Multiple failed login attempts followed by successful login from new location
Network Indicators:
- Unexpected network traffic to/from affected systems
- Credential dumping tools communicating with systems
SIEM Query:
source="affected_system" AND ((event_type="authentication" AND result="success" AND user_changed="true") OR ((process_name="hashcat" OR process_name="john") AND destination_ip="affected_system_ip"))
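The log indicator listed above (multiple failed login attempts followed by a successful login from a new location) can be expressed as detection logic. The following is an added example, not vendor or site code: the log format, the field order and the use of source IP as "location" are assumptions, and the sample lines are constructed. It expects time-ordered input.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: "timestamp user source_ip result" (assumed format).
SAMPLE_LOG = """\
2025-01-10T08:00:00 operator1 10.0.5.20 success
2025-01-10T09:00:00 admin 10.0.5.10 success
2025-01-11T02:10:00 admin 203.0.113.7 failure
2025-01-11T02:10:20 admin 203.0.113.7 failure
2025-01-11T02:10:45 admin 203.0.113.7 failure
2025-01-11T02:11:30 admin 203.0.113.7 success
2025-01-11T08:00:00 operator1 10.0.5.20 failure
2025-01-11T08:00:30 operator1 10.0.5.20 success
"""

def find_suspicious_logins(log_text, min_failures=3, window=timedelta(minutes=10)):
    """Return (user, ip, timestamp) for each success that follows at least
    min_failures failures within `window` and comes from an IP that has
    not previously logged in successfully for that user."""
    known_ips = defaultdict(set)   # user -> IPs with a prior successful login
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue               # skip malformed lines
        ts_raw, user, ip, result = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue               # skip lines with an unparseable timestamp
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()       # expire failures outside the window
        if result == "failure":
            recent.append(ts)
        elif result == "success":
            if len(recent) >= min_failures and ip not in known_ips[user]:
                alerts.append((user, ip, ts_raw))
            known_ips[user].add(ip)
            recent.clear()         # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for user, ip, ts in find_suspicious_logins(SAMPLE_LOG):
        print(f"ALERT {ts}: {user} logged in from new source {ip} after repeated failures")
```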