Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2020-12-22 CVE-2020-24683 Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication).
network
low complexity
abb CWE-669
7.5
2020-12-22 CVE-2020-24680 Insufficiently Protected Credentials vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
local
low complexity
abb CWE-522
4.6
2020-12-22 CVE-2020-24679 Improper Input Validation vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages.
network
low complexity
abb CWE-20
critical
10.0
2020-12-22 CVE-2020-24678 Improper Privilege Management vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
An authenticated user might execute malicious code under the user context and take control of the system.
network
low complexity
abb CWE-269
6.5
2020-12-22 CVE-2020-24677 Improper Check for Unusual OR Exceptional Conditions vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
network
low complexity
abb CWE-754
6.5
2020-12-22 CVE-2020-24676 Improper Privilege Management vulnerability in ABB Symphony + Historian and Symphony + Operations
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks.
local
low complexity
abb CWE-269
4.6
2020-12-22 CVE-2020-24675 Improper Authentication vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.
network
low complexity
abb CWE-287
7.5
2020-12-22 CVE-2020-24674 Incorrect Authorization vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected.
network
low complexity
abb CWE-863
critical
9.0
2020-12-22 CVE-2020-24673 SQL Injection vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
network
low complexity
abb CWE-89
7.5
2020-07-15 CVE-2020-10288 Improper Authentication vulnerability in ABB Robotware 5.09
IRC5 exposes an ftp server (port 21).
network
low complexity
abb CWE-287
7.5