Vulnerabilities > ABB
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-21 | CVE-2022-1596 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB products Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | 4.0 |
2022-06-15 | CVE-2022-26057 | Improper Privilege Management vulnerability in ABB Mint Workbench 5866 Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-15 | CVE-2022-31216 | Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-15 | CVE-2022-31217 | Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-15 | CVE-2022-31218 | Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-15 | CVE-2022-31219 | Improper Privilege Management vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-07 | CVE-2021-35530 | Improper Authentication vulnerability in ABB Txpert HUB Coretec 4 Firmware A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. | 6.7 |
2022-06-07 | CVE-2021-35531 | Improper Input Validation vulnerability in ABB Txpert HUB Coretec 4 Firmware Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. | 7.2 |
2022-06-07 | CVE-2021-35532 | Unrestricted Upload of File with Dangerous Type vulnerability in ABB Txpert HUB Coretec 4 Firmware A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. | 7.2 |
2022-06-02 | CVE-2022-28702 | Incorrect Default Permissions vulnerability in ABB E-Design Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 5.5 |