Filtered by vendor Abb
Subscriptions
Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0335 | 1 Abb | 3 Symphony Plus S\+ Analyst, Symphony Plus S\+ Engineering, Symphony Plus S\+ Operations | 2024-09-19 | 7.5 High |
| ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. | ||||
| CVE-2023-0636 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-09-19 | 7.2 High |
| Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1. | ||||
| CVE-2023-0635 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-09-19 | 7.8 High |
| Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01. | ||||
| CVE-2021-22288 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-09-17 | 7.5 High |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | ||||
| CVE-2022-34837 | 1 Abb | 1 Zenon | 2024-09-17 | 6.2 Medium |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | ||||
| CVE-2020-24677 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-09-17 | 8.8 High |
| Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | ||||
| CVE-2018-19008 | 1 Abb | 2 Cp400pb, Cp400pb Firmware | 2024-09-17 | N/A |
| The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. | ||||
| CVE-2022-34838 | 1 Abb | 1 Zenon | 2024-09-17 | 8.1 High |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | ||||
| CVE-2020-24678 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-09-17 | 8.8 High |
| An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges. | ||||
| CVE-2017-7931 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-09-17 | N/A |
| In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication. | ||||
| CVE-2018-17928 | 1 Abb | 2 Cms-770, Cms-770 Firmware | 2024-09-17 | N/A |
| The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | ||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-09-17 | 5.9 Medium |
| Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | ||||
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-09-17 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. | ||||
| CVE-2020-24680 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-09-17 | 7 High |
| In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | ||||
| CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2024-09-17 | 7.5 High |
| Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | ||||
| CVE-2020-24683 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-09-17 | 9.8 Critical |
| The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. | ||||
| CVE-2017-7906 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-09-17 | N/A |
| In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. | ||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-09-17 | 7.5 High |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | ||||
| CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2024-09-17 | 9 Critical |
| A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | ||||
| CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-09-17 | 7.5 High |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | ||||