Summary: ABB has issued a cybersecurity advisory regarding a critical path traversal vulnerability (CVE-2024-48510) in its Drive Composer software, affecting versions 2.9.0.1 and earlier. Rated 9.8 on the CVSS scale, the vulnerability could allow attackers to gain unauthorized access to the file system, execute arbitrary code, and compromise systems. Users are urged to update to version 2.9.1, which addresses the issue, and to follow ABB’s security recommendations in the meantime.
Affected: ABB Drive Composer software
Keypoints :
- A critical path traversal vulnerability (CVE-2024-48510) allows unauthorized access to the file system.
- The flaw is due to improper directory validation in DotNetZip v1.16.0 and earlier.
- ABB recommends immediate update to version 2.9.1 and provides additional security measures for users unable to update.
Views: 8