Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-22272 The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile.
network
abb busch-jaeger
critical
9.0
2021-09-23 CVE-2021-22276 Improper Validation of Integrity Check Value vulnerability in ABB products
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the [email protected] System Access Point.
network
abb CWE-354
4.3
2021-09-08 CVE-2020-24672 Missing Authorization vulnerability in ABB Base Software
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product.
network
abb CWE-862
6.8
2021-07-14 CVE-2021-35527 Insufficiently Protected Credentials vulnerability in ABB Esoms
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.
network
low complexity
abb CWE-522
5.0
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in ABB Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
abb CWE-863
5.0
2021-06-14 CVE-2021-27196 Improper Input Validation vulnerability in ABB products
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.
network
low complexity
abb CWE-20
5.0
2021-02-26 CVE-2020-24686 Resource Exhaustion vulnerability in ABB products
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state.
network
low complexity
abb CWE-400
5.0
2021-02-09 CVE-2020-24685 Allocation of Resources Without Limits or Throttling vulnerability in ABB Ac500 CPU Firmware
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability.
network
low complexity
abb CWE-770
5.0
2020-12-22 CVE-2020-24683 Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication).
network
low complexity
abb CWE-669
7.5
2020-12-22 CVE-2020-24680 Insufficiently Protected Credentials vulnerability in ABB Symphony + Historian and Symphony + Operations
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
local
low complexity
abb CWE-522
4.6