Filtered by vendor Abb
Subscribe
Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | |||||
| CVE-2022-1596 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | |||||
| CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-02-04 | 9.0 HIGH | 9.4 CRITICAL |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | |||||
| CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | |||||
| CVE-2021-22278 | 2 Abb, Hitachienergy | 2 Update Manager, Pcm600 | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | |||||
| CVE-2021-22288 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2021-22279 | 1 Abb | 2 Omnicore C30, Omnicore C30 Firmware | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
| A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | |||||
| CVE-2021-22285 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2020-24672 | 1 Abb | 1 Base Software | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . | |||||
| CVE-2021-22284 | 1 Abb | 1 Opc Server For Ac 800m | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. | |||||
| CVE-2020-24678 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges. | |||||
| CVE-2020-24673 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. | |||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | |||||
| CVE-2020-24674 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines. | |||||
| CVE-2020-24677 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | |||||
| CVE-2020-24685 | 1 Abb | 3 Ac500 Cpu Firmware, Pm573-eth, Pm583-eth | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. | |||||
| CVE-2020-24680 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 4.6 MEDIUM | 7.0 HIGH |
| In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | |||||
| CVE-2020-24676 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as. | |||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | |||||