Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2022-0947 Improper Initialization vulnerability in ABB products
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration.
network
abb CWE-665
6.8
2022-05-02 CVE-2022-28613 Improper Input Validation vulnerability in ABB Rtu500 Firmware
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message.
network
low complexity
abb CWE-20
7.8
2022-04-01 CVE-2021-22277 Improper Input Validation vulnerability in ABB products
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
network
low complexity
abb CWE-20
7.8
2022-03-11 CVE-2021-27414 Improper Restriction of Rendered UI Layers or Frames vulnerability in ABB Ellipse Enterprise Asset Management
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
network
abb CWE-1021
4.3
2022-03-11 CVE-2021-27416 Cross-site Scripting vulnerability in ABB Ellipse Enterprise Asset Management
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser.
network
abb CWE-79
5.8
2022-02-04 CVE-2021-22284 Incorrect Permission Assignment for Critical Resource vulnerability in ABB OPC Server for AC 800M
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.
network
low complexity
abb CWE-732
6.5
2022-02-04 CVE-2021-22285 Improper Handling of Exceptional Conditions vulnerability in ABB Pni800 Firmware and Spiet800 Firmware
Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive.
network
low complexity
abb CWE-755
5.0
2022-02-04 CVE-2021-22286 Improper Input Validation vulnerability in ABB Pni800 Firmware and Spiet800 Firmware
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.
network
low complexity
abb CWE-20
5.0
2022-02-04 CVE-2021-22288 Improper Input Validation vulnerability in ABB Pni800 Firmware and Spiet800 Firmware
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.
network
low complexity
abb CWE-20
5.0
2021-12-13 CVE-2021-22279 Missing Authentication for Critical Function vulnerability in ABB Omnicore C30 Firmware
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
network
abb CWE-306
critical
9.3