Latest Abb Vulnerabilities

CVE-2023-0426
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who succ...
Abb Ac700f Firmware>=9.0.0<9.2.0
Abb Ac700f Firmware=9.2.0
Abb Ac700f Firmware=9.2.0-sp1
Abb Ac700f
Abb Freelance 2013
Abb Freelance 2013=sp1
and 6 more
CVE-2023-0425
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who succ...
Abb Ac700f Firmware>=9.0.0<9.2.0
Abb Ac700f Firmware=9.2.0
Abb Ac700f Firmware=9.2.0-sp1
Abb Ac700f
Abb Freelance 2013
Abb Freelance 2013=sp1
and 6 more
CVE-2023-2685
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up a...
Abb Ao-opc>=1.0.0<=3.2.1
CVE-2023-3322
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially cra...
ABB Zenon<=11.0.0
CVE-2023-3321
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially cra...
ABB Zenon<=11.0.0
CVE-2023-3323
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially cra...
ABB Zenon<=11.0.0
CVE-2023-3324
Insecure deserialization in zenon internal DLLs
ABB Zenon<=11.0.0
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulne...
Abb Txpert Hub Coretec 4 Firmware<3.0.1
Abb Txpert Hub Coretec 4
CVE-2023-2876
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).T...
Abb Rex640 Pcl1 Firmware>=1.0.0<1.0.8
ABB REX640 PCL1
Abb Rex640 Pcl2 Firmware>=1.0.0<1.1.4
ABB REX640 PCL2
Abb Rex640 Pcl3 Firmware>=1.0.0<1.2.1
ABB REX640 PCL3
CVE-2023-0636
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series ...
Abb Aspect-ent-2 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-2
Abb Aspect-ent-12 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-12
Abb Aspect-ent-256 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-256
and 32 more
CVE-2023-0635
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Ser...
Abb Aspect-ent-2 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-2
Abb Aspect-ent-12 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-12
Abb Aspect-ent-256 Firmware>=3.0.0<3.07.01
Abb Aspect-ent-256
and 32 more
CVE-2022-0010
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could succ...
ABB Platform Engineering Tools>=1.0.0<=2.3.0
Abb Qcs 800xa Firmware>=1.0.0<=5.1.0
Abb Qcs 800xa Firmware=5.1.0-sp2
ABB QCS 800xA
Abb Qcs Ac450 Firmware>=1.0.0<=6.1.0
Abb Qcs Ac450 Firmware=6.1.0-sp2
and 1 more
CVE-2023-0863
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra ...
Abb Terra Ac Wallbox Ul40 Firmware>=1.0.0<1.5.6
Abb Terra Ac Wallbox Ul40
Abb Terra Ac Wallbox 80a Firmware>=1.0.0<1.5.6
Abb Terra Ac Wallbox 80a
Abb Terra Ac Wallbox Ul32a Firmware>=1.0.0<1.6.6
Abb Terra Ac Wallbox Ul32a
and 10 more
CVE-2023-0864
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terr...
Abb Terra Ac Wallbox Ul40 Firmware>=1.0.0<1.5.6
Abb Terra Ac Wallbox Ul40
Abb Terra Ac Wallbox 80a Firmware>=1.0.0<1.5.6
Abb Terra Ac Wallbox 80a
Abb Terra Ac Wallbox Ul32a Firmware>=1.0.0<1.6.6
Abb Terra Ac Wallbox Ul32a
and 10 more
CVE-2023-0580
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application ...
ABB My Control System>=5.0<=5.13
CVE-2022-3192
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
Abb Ac500 Cpu Firmware>=2.0.0<2.8.6
Abb Pm5630-2eth=2.0
Abb Pm5650-2eth=2.0
Abb Pm5670-2eth=2.0
Abb Pm5675-2eth=2.0
Abb Pm571-eth-v14x=2.0
and 24 more
CVE-2023-1258
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before ...
Abb Flow-x\/m Firmware<=3.2.6
Abb Flow-x\/m
Abb Flow-x\/c Firmware<=3.2.6
Abb Flow-x\/c
Abb Flow-x\/k Firmware<=3.2.6
Abb Flow-x\/k
and 10 more
CVE-2022-4126
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
ABB RCCMD<4.40_230207
Apple macOS
Linux Linux kernel
Microsoft Windows
CVE-2022-26080
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936...
Abb H5692448 G104 Firmware
Abb H5692448 G104
Abb H5692448 G842 Firmware
Abb H5692448 G842
Abb H5692448 G224l Firmware
Abb H5692448 G224l
and 8 more
CVE-2023-0228
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.
Abb Symphony Plus S\+ Operations>=2.0<2.1
Abb Symphony Plus S\+ Operations>=3.0<3.3
Abb Symphony Plus S\+ Operations=2.1
Abb Symphony Plus S\+ Operations=2.1-sp2
Abb Symphony Plus S\+ Operations=2.2
Abb Symphony Plus S\+ Operations=3.3
and 2 more
CVE-2021-22283
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Rel...
Abb Smu615 Firmware<1.0.2
Abb Smu615
Abb Rec615 Firmware<2.0.3
Abb Rec615
Abb Rer615 Firmware<2.0.3
Abb Rer615
and 56 more
CVE-2022-1607
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Contro...
ABB Infinity DC Power Plant<5.0.0
Abb Ne843 S<5.0.0
CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due ...
GitLab GitLab>=15.4.0<15.5.7
GitLab GitLab>=15.4.0<15.5.7
GitLab GitLab>=15.6.0<15.6.4
GitLab GitLab>=15.6.0<15.6.4
GitLab GitLab>=15.7.0<15.7.2
GitLab GitLab>=15.7.0<15.7.2
and 2 more
CVE-2022-34838
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once ...
ABB Zenon<=8.20
CVE-2022-34837
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities...
ABB Zenon<=8.20
CVE-2022-34836
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who succ...
ABB Zenon<=8.20
CVE-2022-1596
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and...
Abb Rex640 Pcl1 Firmware<=1.0.7
ABB REX640 PCL1
Abb Rex640 Pcl2 Firmware<1.1.4
ABB REX640 PCL2
Abb Rex640 Pcl3 Firmware<1.2.1
ABB REX640 PCL3
CVE-2022-31217
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
Abb Automation Builder>=1.1.0<=2.5.0
Abb Drive Composer>=2.0<2.7.1
Abb Drive Composer>=2.0<2.7.1
Abb Mint Workbench<=5866
CVE-2022-31219
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
Abb Automation Builder>=1.1.0<=2.5.0
Abb Drive Composer>=2.0<2.7.1
Abb Drive Composer>=2.0<2.7.1
Abb Mint Workbench<=5866
CVE-2022-31216
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
Abb Automation Builder>=1.1.0<=2.5.0
Abb Drive Composer>=2.0<2.7.1
Abb Drive Composer>=2.0<2.7.1
Abb Mint Workbench<=5866
CVE-2022-31218
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
Abb Automation Builder>=1.1.0<=2.5.0
Abb Drive Composer>=2.0<2.7.1
Abb Drive Composer>=2.0<2.7.1
Abb Mint Workbench<=5866
CVE-2022-26057
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
Abb Mint Workbench<=5866
CVE-2022-29483
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of th...
ABB e-Design<=1.12.2.0004
CVE-2022-28702
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of th...
ABB e-Design<=1.12.2.0004
CVE-2022-0947
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending ...
Abb Arg600a1220na Firmware>=2.4.0<=3.4.10
Abb Arg600a1220na
Abb Arg600a1230na Firmware>=2.4.0<=3.4.10
Abb Arg600a1230na
Abb Arg600a1240na Firmware>=2.4.0<=3.4.10
Abb Arg600a1240na
and 42 more
CVE-2022-28613
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER ...
Abb Rtu500 Firmware>=12.2.1.0<12.2.12.0
Hitachienergy Rtu500 Firmware>=12.0.1.0<12.0.14.0
Hitachienergy Rtu500 Firmware>=12.4.1.0<12.4.12.0
Hitachienergy Rtu500 Firmware>=12.6.1.0<12.6.8.0
Hitachienergy Rtu500 Firmware>=12.7.1.0<12.7.4.0
Hitachienergy Rtu500 Firmware>=13.2.1.0<13.2.5.0
and 1 more
CVE-2021-22277
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker ...
ABB 800xA>=5.1.0-0<=5.1.0-3
ABB 800xA>=5.1.1-0<=5.1.1-4
ABB 800xA>=6.0.0-0<6.0.0-4
ABB 800xA>=6.1.0-0<6.1.1-2
Abb Base Software>=5.1.0-0<=5.1.0-3
Abb Base Software>=5.1.1-0<=5.1.1-4
and 7 more
CVE-2021-22288
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.
Abb Pni800 Firmware<=a_b
Abb Pni800
Abb Spiet800 Firmware<=a_b
ABB SPIET800
CVE-2021-22286
Abb Pni800 Firmware<=a_b
Abb Pni800
Abb Spiet800 Firmware<=a_b
ABB SPIET800
CVE-2021-22285
Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of ser...
Abb Pni800 Firmware<=a_b
Abb Pni800
Abb Spiet800 Firmware<=a_b
ABB SPIET800
CVE-2021-22284
Abb Opc Server For Ac 800m>=5.1.0-0<6.0.0-4
CVE-2021-22279
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Se...
Abb Omnicore C30 Firmware<7.3.2
Abb Omnicore C30
CVE-2021-22278
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
=2.1
=2.1.0.4
=2.2
=2.2.0.1
=2.2.0.2
=2.2.0.23
and 5 more
CVE-2021-22272
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.d...
Abb Mybuildings<2021-05-03
Busch-jaeger Mybusch-jaeger<2021-05-03
CVE-2021-22276
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
Abb System Access Point 2.0 Firmware<2.6.4
Abb System Access Point 2.0
Abb System Access Point 127v Firmware<2.6.4
Abb System Access Point 127v
Abb Wl-system Access Point 127v Firmware<2.6.4
Abb Wl-system Access Point 127v
and 4 more
CVE-2020-24672
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .
Abb Base Software<=6.1
CVE-2020-24686
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts...
Abb Pm554 Firmware
Abb Pm554
Abb Pm556 Firmware
Abb Pm556
Abb Pm564 Firmware
Abb Pm564
and 6 more
CVE-2020-24685
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR ...
Abb Ac500 Cpu Firmware<2.8.5
Abb Pm573-eth=2.0
Abb Pm583-eth=2.0
CVE-2020-24675
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the c...
Abb Symphony \+ Historian=3.0
Abb Symphony \+ Historian=3.1
Abb Symphony \+ Operations=1.1
Abb Symphony \+ Operations=2.0
Abb Symphony \+ Operations=2.1-sp1
Abb Symphony \+ Operations=2.1-sp2
and 4 more
CVE-2020-24676
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and resu...
Abb Symphony \+ Historian=3.0
Abb Symphony \+ Historian=3.1
Abb Symphony \+ Operations=1.1
Abb Symphony \+ Operations=2.0
Abb Symphony \+ Operations=2.1-sp1
Abb Symphony \+ Operations=2.1-sp2
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203