Filtered by vendor Hitachienergy
Subscribe
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | |||||
| CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-02-28 | 6.5 MEDIUM | 7.6 HIGH |
| Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | |||||
| CVE-2019-18253 | 1 Hitachienergy | 2 Relion 670, Relion 670 Firmware | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | |||||
| CVE-2019-18998 | 1 Hitachienergy | 1 Asset Suite | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
| Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. | |||||
| CVE-2019-18247 | 1 Hitachienergy | 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | |||||
| CVE-2018-20720 | 1 Hitachienergy | 2 Relion 630, Relion 630 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | |||||
| CVE-2018-14805 | 1 Hitachienergy | 1 Esoms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | |||||
| CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | |||||
| CVE-2017-15583 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2024-02-28 | 5.0 MEDIUM | 6.5 MEDIUM |
| The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. | |||||
| CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2024-02-28 | 2.9 LOW | 8.8 HIGH |
| An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | |||||
| CVE-2017-14025 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. | |||||