CVE-2024-13957
📋 TL;DR
This SSRF vulnerability in ABB ASPECT, NEXUS, and MATRIX series products allows an attacker who has already obtained administrator credentials to make unauthorized requests from the server to internal systems. It affects all versions through 3.* of these industrial control system products. An attacker can potentially reach internal resources that are not exposed to the network the server sits on.
💻 Affected Systems
- ASPECT-Enterprise
- NEXUS Series
- MATRIX Series
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of internal network resources, data exfiltration, and lateral movement to critical systems through server-initiated requests to internal services.
Likely Case
Unauthorized access to internal APIs, metadata services, or configuration endpoints leading to information disclosure and potential privilege escalation.
If Mitigated
Limited impact with proper network segmentation and credential protection, potentially only affecting non-critical internal services.
🎯 Exploit Status
Exploitation requires administrator credential compromise first; SSRF attack itself is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 3.* (consult ABB advisory for specific patched versions)
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch
Restart Required: Yes
Instructions:
1. Download the latest security update from ABB's official portal.
2. Apply the patch following ABB's installation guide.
3. Restart affected systems.
4. Verify the patch was successfully applied.
🔧 Temporary Workarounds
Network Segmentation
Restrict outbound connections from affected systems to only the internal services they need to reach
Credential Protection
Implement strong password policies, multi-factor authentication, and regular credential rotation for administrator accounts
🧯 If You Can't Patch
- Implement strict network segmentation to limit outbound connections from affected systems
- Enhance monitoring of administrator account usage and implement credential protection measures
🔍 How to Verify
Check if Vulnerable:
Check if running ASPECT, NEXUS, or MATRIX series version 3.* or earlier; verify administrator credential protection status
Check Version:
Check version through ABB system administration interface or consult system documentation
Verify Fix Applied:
Confirm system version is updated beyond 3.* and test SSRF attempts are blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from server to internal IPs
- Multiple failed authentication attempts on administrator accounts
- Unexpected requests to metadata services or internal APIs
Network Indicators:
- Outbound connections from industrial control systems to unexpected internal services
- HTTP requests with unusual parameters or headers from server IPs
SIEM Query:
source_ip=industrial_system AND dest_ip=internal_network AND protocol=http AND (uri_contains='metadata' OR uri_contains='169.254.169.254' OR uri_contains='localhost')
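The log indicators and SIEM query above, worked as a small detector over egress-proxy log lines. This is an added example, not code from the page or from ABB: the log line format, the server address 10.20.30.40 and every sample line are constructed for the example, and the internal ranges are the RFC 1918, loopback and link-local blocks rather than anything the advisory specifies.

```python
"""Flag server-initiated HTTP requests that match the SSRF indicators above:
requests from the monitored ICS server to the cloud metadata address,
loopback, URIs mentioning 'metadata', or any internal address."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed: address of the ASPECT/NEXUS/MATRIX server being watched.
MONITORED_SERVERS = {"10.20.30.40"}

# Indicators named in the page's SIEM query.
METADATA_HOST = ipaddress.ip_address("169.254.169.254")
URI_MARKERS = ("metadata",)

# Explicit internal ranges (RFC 1918, loopback, link-local) rather than
# ipaddress.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed egress log shape: "<ts> <src_ip> <dst_ip> <method> <url>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_line(line):
    """Return a dict of fields, or None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the matching indicator for an entry, or None if it is benign."""
    if entry["src"] not in MONITORED_SERVERS:
        return None  # only server-initiated requests are of interest
    parsed = urlparse(entry["url"])
    host = (parsed.hostname or "").lower()
    host_ip = _as_ip(host)
    dst_ip = _as_ip(entry["dst"])
    if host == "localhost" or (host_ip and host_ip.is_loopback) or (dst_ip and dst_ip.is_loopback):
        return "request to loopback"
    if METADATA_HOST in (host_ip, dst_ip):
        return "request to cloud metadata address"
    if any(marker in host or marker in parsed.path.lower() for marker in URI_MARKERS):
        return "uri contains 'metadata'"
    if dst_ip is not None and any(dst_ip in net for net in INTERNAL_NETS):
        return "server-initiated request to internal address"
    return None


def scan(lines):
    """Return (timestamp, source, url, reason) for every line that matches an indicator."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line; a production detector would count these
        reason = classify(entry)
        if reason:
            alerts.append((entry["ts"], entry["src"], entry["url"], reason))
    return alerts


# Constructed sample log: one benign update check, four suspicious requests
# from the monitored server, one request from a different host, one bad line.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z 10.20.30.40 203.0.113.10 GET https://updates.example.com/firmware.bin",
    "2024-05-01T10:00:05Z 10.20.30.40 169.254.169.254 GET http://169.254.169.254/latest/meta-data/",
    "2024-05-01T10:00:09Z 10.20.30.40 127.0.0.1 GET http://localhost:8080/admin/config",
    "2024-05-01T10:00:12Z 10.20.30.40 10.20.31.7 POST http://10.20.31.7/api/v1/export",
    "2024-05-01T10:00:15Z 10.20.30.55 10.20.31.7 GET http://10.20.31.7/api/v1/status",
    "2024-05-01T10:00:20Z 10.20.30.40 10.0.0.5 GET http://metadata.internal.example/computeMetadata/v1/",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert)
```

The ordering of the checks matters: the metadata address also falls inside the link-local block, so it is tested before the generic internal-range check to keep the more specific reason. In a real deployment the source set would come from asset inventory and the internal ranges from the site's addressing plan; the point of the example is that the page's query reduces to a handful of deterministic tests on source, destination and URL.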