Filtered by vendor Abb
Subscriptions
Total
149 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0335 | 1 Abb | 3 Symphony Plus S\+ Analyst, Symphony Plus S\+ Engineering, Symphony Plus S\+ Operations | 2024-11-21 | 7.5 High |
| ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. | ||||
| CVE-2023-3324 | 1 Abb | 1 Zenon | 2024-11-21 | 6.3 Medium |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-3323 | 1 Abb | 1 Zenon | 2024-11-21 | 5.9 Medium |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-3322 | 1 Abb | 1 Zenon | 2024-11-21 | 7 High |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-3321 | 1 Abb | 1 Zenon | 2024-11-21 | 7 High |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-2685 | 1 Abb | 1 Ao-opc | 2024-11-21 | 7.2 High |
| A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | ||||
| CVE-2023-0426 | 1 Abb | 8 Ac700f, Ac700f Firmware, Ac900f and 5 more | 2024-11-21 | 8.6 High |
| ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. | ||||
| CVE-2023-0228 | 1 Abb | 1 Symphony Plus S\+ Operations | 2024-11-21 | 8.8 High |
| Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | ||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2024-11-21 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | ||||
| CVE-2022-34838 | 1 Abb | 1 Zenon | 2024-11-21 | 8.1 High |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | ||||
| CVE-2022-34837 | 1 Abb | 1 Zenon | 2024-11-21 | 6.2 Medium |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | ||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-11-21 | 5.9 Medium |
| Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | ||||
| CVE-2022-31219 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-11-21 | 7.3 High |
| Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | ||||
| CVE-2022-31218 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-11-21 | 7.8 High |
| Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | ||||
| CVE-2022-31217 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-11-21 | 7.8 High |
| Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | ||||
| CVE-2022-31216 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-11-21 | 7.8 High |
| Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | ||||
| CVE-2022-29483 | 1 Abb | 1 E-design | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | ||||
| CVE-2022-28702 | 1 Abb | 1 E-design | 2024-11-21 | 6.1 Medium |
| Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | ||||
| CVE-2022-28613 | 2 Abb, Hitachienergy | 3 Rtu500 Firmware, Rtu500, Rtu500 Firmware | 2024-11-21 | 7.5 High |
| A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function. | ||||
| CVE-2022-26080 | 1 Abb | 14 H5692448 G104, H5692448 G104 Firmware, H5692448 G224l and 11 more | 2024-11-21 | 6.3 Medium |
| Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | ||||