| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE.
When the REST interface is enabled by the user, and an attacker gains access to
source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data.
This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. |
| Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)
This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2. |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. |
| SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. |
| Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions |
| Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions |
| Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. |
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. |
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE.
When the REST interface is enabled by the user, and an attacker gains access to
the control network, and user/password broker authentication is enabled, and
CVE-2025-6074 is exploited, the attacker can overflow the buffer for username or
password.
This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. |
| Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. |
| Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE.
An attacker can gain access to salted information to decrypt MQTT information.
This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. |
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE.
When the REST interface is enabled by the user, and an attacker gains access to
the control network, and CVE-2025-6074 is exploited, the attacker can use the
JSON configuration to overflow the date of expiration field.This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. |
| The ASPECT system allows users to bypass authentication.
This issue affects all versions of ASPECT |
| An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. |
