CVE-2024-48847

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass MD5 checksum validation in ABB industrial control systems, potentially enabling malicious code execution or unauthorized modifications. It affects ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series version 3.08.01 used in industrial environments.

💻 Affected Systems

Products:

ABB ASPECT - Enterprise
NEXUS Series
MATRIX Series

Versions: 3.08.01

Operating Systems: Not specified in advisory

Default Config Vulnerable: ⚠️ Yes

Notes: Affects specific ABB industrial control system products at version 3.08.01

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code, manipulate industrial processes, or disrupt critical operations.

🟠

Likely Case

Unauthorized software modifications, firmware tampering, or installation of malicious components through checksum bypass.

🟢

If Mitigated

Limited impact if proper network segmentation and integrity monitoring are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires understanding of MD5 collision attacks and access to affected systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided reference

Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

1. Review ABB advisory 9AKK108469A7497
2. Apply vendor-provided patches
3. Restart affected systems
4. Verify checksum validation is functioning correctly

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected systems from untrusted networks

Integrity Monitoring

all

Implement file integrity monitoring for critical system files

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Deploy application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check system version against affected version 3.08.01

Check Version:

Check product documentation for version verification method

Verify Fix Applied:

Verify patch installation and test MD5 validation with known test files

📡 Detection & Monitoring

Log Indicators:

Unexpected checksum validation failures
Unauthorized file modifications

Network Indicators:

Unusual network traffic to/from industrial control systems

SIEM Query:

source="industrial_system" AND (event="checksum_failure" OR event="unauthorized_modification")

📊 Metadata

CVE ID: CVE-2024-48847

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE: CWE-328

Published: December 5, 2024

Last Updated: February 27, 2025

🔗 References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aspect Ent 12 Firmware by Abb

Aspect Ent 2 Firmware by Abb

Aspect Ent 256 Firmware by Abb

Aspect Ent 96 Firmware by Abb

Matrix 11 Firmware by Abb

Matrix 216 Firmware by Abb

Matrix 232 Firmware by Abb

Matrix 264 Firmware by Abb

Matrix 296 Firmware by Abb

Nexus 2128 A Firmware by Abb

Nexus 2128 F Firmware by Abb

Nexus 2128 Firmware by Abb

Nexus 2128 G Firmware by Abb

Nexus 264 A Firmware by Abb

Nexus 264 F Firmware by Abb

Nexus 264 Firmware by Abb

Nexus 264 G Firmware by Abb

Nexus 3 2128 Firmware by Abb

Nexus 3 264 Firmware by Abb