Vulnerabilities > ABB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-35527 | Insufficiently Protected Credentials vulnerability in ABB Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 5.0 |
| 2021-06-14 | CVE-2021-26845 | Incorrect Authorization vulnerability in ABB Esoms Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. | 5.0 |
| 2021-06-14 | CVE-2021-27196 | Improper Input Validation vulnerability in ABB products Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. | 5.0 |
| 2021-02-26 | CVE-2020-24686 | Resource Exhaustion vulnerability in ABB products The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. | 5.0 |
| 2021-02-09 | CVE-2020-24685 | Allocation of Resources Without Limits OR Throttling vulnerability in ABB Ac500 CPU Firmware An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. | 5.0 |
| 2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 7.5 |
| 2020-12-22 | CVE-2020-24680 | Insufficiently Protected Credentials vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | 4.6 |
| 2020-12-22 | CVE-2020-24679 | Improper Input Validation vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. | 10.0 |
| 2020-12-22 | CVE-2020-24678 | Improper Privilege Management vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations An authenticated user might execute malicious code under the user context and take control of the system. | 6.5 |
| 2020-12-22 | CVE-2020-24677 | Improper Check for Unusual OR Exceptional Conditions vulnerability in ABB Symphony Plus Historian and Symphony Plus Operations Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | 6.5 |