Filtered by vendor Abb
Subscribe
Total
125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22283 | 1 Abb | 38 Evd4, Evd4 Firmware, Rec615 and 35 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. | |||||
| CVE-2021-22279 | 1 Abb | 2 Omnicore C30, Omnicore C30 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | |||||
| CVE-2021-22278 | 2 Abb, Hitachienergy | 2 Update Manager, Pcm600 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | |||||
| CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | |||||
| CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | |||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | |||||
| CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | |||||
| CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | |||||
| CVE-2020-8487 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | |||||
| CVE-2020-8486 | 1 Abb | 1 800xa Rnrp | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | |||||
| CVE-2020-8485 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | |||||
| CVE-2020-8484 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | |||||
| CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | |||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | |||||
| CVE-2020-8479 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. | |||||
| CVE-2020-8478 | 1 Abb | 4 Ac800m, Base Software, Mms Server and 1 more | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. | |||||
| CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||
| CVE-2020-8476 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. | |||||
| CVE-2020-8475 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. | |||||
| CVE-2020-8474 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | |||||