Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-1596 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
network
low complexity
abb CWE-732
4.0
2022-06-15 CVE-2022-26057 Improper Privilege Management vulnerability in ABB Mint Workbench 5866
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.
local
low complexity
abb CWE-269
7.2
2022-06-15 CVE-2022-31216 Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.
local
low complexity
abb CWE-269
7.2
2022-06-15 CVE-2022-31217 Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.
local
low complexity
abb CWE-269
7.2
2022-06-15 CVE-2022-31218 Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.
local
low complexity
abb CWE-269
7.2
2022-06-15 CVE-2022-31219 Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.
local
low complexity
abb CWE-269
7.2
2022-06-07 CVE-2021-35530 Improper Authentication vulnerability in ABB Txpert HUB Coretec 4 Firmware
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism.
local
low complexity
abb CWE-287
7.2
2022-06-07 CVE-2021-35531 Improper Input Validation vulnerability in ABB Txpert HUB Coretec 4 Firmware
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system.
local
low complexity
abb CWE-20
7.2
2022-06-07 CVE-2021-35532 Unrestricted Upload of File with Dangerous Type vulnerability in ABB Txpert HUB Coretec 4 Firmware
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product.
local
low complexity
abb CWE-434
7.2
2022-06-02 CVE-2022-28702 Incorrect Default Permissions vulnerability in ABB E-Design
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
local
low complexity
abb CWE-276
7.2