Filtered by vendor Abb
Subscribe
Total
119 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2513 | 1 Abb | 12 Gms600, Gms600 Firmware, Pcm600 and 9 more | 2024-02-04 | N/A | 5.5 MEDIUM |
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. | |||||
CVE-2023-0228 | 1 Abb | 1 Symphony Plus S\+ Operations | 2024-02-04 | N/A | 8.8 HIGH |
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | |||||
CVE-2022-26080 | 1 Abb | 14 H5692448 G104, H5692448 G104 Firmware, H5692448 G224l and 11 more | 2024-02-04 | N/A | 4.3 MEDIUM |
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | |||||
CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2024-02-04 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | |||||
CVE-2022-3388 | 1 Abb | 1 Microscada Pro Sys600 | 2024-02-04 | N/A | 7.8 HIGH |
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. | |||||
CVE-2022-34838 | 1 Abb | 1 Zenon | 2024-02-04 | N/A | 8.4 HIGH |
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | |||||
CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-02-04 | N/A | 9.8 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. | |||||
CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-02-04 | N/A | 8.2 HIGH |
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | |||||
CVE-2022-26057 | 1 Abb | 1 Mint Workbench | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product | |||||
CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | |||||
CVE-2022-31219 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | |||||
CVE-2022-28702 | 1 Abb | 1 E-design | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | |||||
CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | |||||
CVE-2022-31217 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | |||||
CVE-2022-28613 | 2 Abb, Hitachienergy | 3 Rtu500 Firmware, Rtu500, Rtu500 Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*. | |||||
CVE-2022-31218 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | |||||
CVE-2022-1596 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | |||||
CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-02-04 | 9.0 HIGH | 9.4 CRITICAL |
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | |||||
CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. |