Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-35527 Insufficiently Protected Credentials vulnerability in ABB Esoms
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.
network
low complexity
abb CWE-522
5.0
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in ABB Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
abb CWE-863
5.0
2021-06-14 CVE-2021-27196 Improper Input Validation vulnerability in ABB products
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.
network
low complexity
abb CWE-20
5.0
2021-02-26 CVE-2020-24686 Resource Exhaustion vulnerability in ABB products
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state.
network
low complexity
abb CWE-400
5.0
2021-02-09 CVE-2020-24685 Allocation of Resources Without Limits OR Throttling vulnerability in ABB Ac500 CPU Firmware
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability.
network
low complexity
abb CWE-770
5.0
2020-12-22 CVE-2020-24683 Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication).
network
low complexity
abb CWE-669
7.5
2020-12-22 CVE-2020-24680 Insufficiently Protected Credentials vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
local
low complexity
abb CWE-522
4.6
2020-12-22 CVE-2020-24679 Improper Input Validation vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages.
network
low complexity
abb CWE-20
critical
10.0
2020-12-22 CVE-2020-24678 Improper Privilege Management vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
An authenticated user might execute malicious code under the user context and take control of the system.
network
low complexity
abb CWE-269
6.5
2020-12-22 CVE-2020-24677 Improper Check for Unusual OR Exceptional Conditions vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
network
low complexity
abb CWE-754
6.5