Filtered by vendor Abb
Subscriptions
Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-11-21 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. | ||||
| CVE-2022-0010 | 1 Abb | 5 Platform Engineering Tools, Qcs 800xa, Qcs 800xa Firmware and 2 more | 2024-11-21 | 7.8 High |
| Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | ||||
| CVE-2021-22288 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | ||||
| CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | ||||
| CVE-2021-22285 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-11-21 | 7.5 High |
| Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. | ||||
| CVE-2021-22284 | 1 Abb | 1 Opc Server For Ac 800m | 2024-11-21 | 8.4 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. | ||||
| CVE-2021-22283 | 1 Abb | 38 Evd4, Evd4 Firmware, Rec615 and 35 more | 2024-11-21 | 6.2 Medium |
| Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. | ||||
| CVE-2021-22279 | 1 Abb | 2 Omnicore C30, Omnicore C30 Firmware | 2024-11-21 | 9.8 Critical |
| A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | ||||
| CVE-2021-22278 | 2 Abb, Hitachienergy | 2 Update Manager, Pcm600 | 2024-11-21 | 6.7 Medium |
| A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | ||||
| CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | ||||
| CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-11-21 | 6.1 Medium |
| The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | ||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-11-21 | 6.5 Medium |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | ||||
| CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-11-21 | 7.8 High |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | ||||
| CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-11-21 | 7.8 High |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | ||||
| CVE-2020-8487 | 1 Abb | 1 800xa Base System | 2024-11-21 | 6.6 Medium |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | ||||
| CVE-2020-8486 | 1 Abb | 1 800xa Rnrp | 2024-11-21 | 6.6 Medium |
| Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | ||||
| CVE-2020-8485 | 1 Abb | 1 800xa | 2024-11-21 | 7.8 High |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | ||||
| CVE-2020-8484 | 1 Abb | 1 800xa | 2024-11-21 | 7.8 High |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | ||||
| CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-11-21 | 7.8 High |
| Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | ||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-11-21 | 9.8 Critical |
| For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | ||||