Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2023-08-07 CVE-2023-0425 Numeric Range Comparison Without Minimum Check vulnerability in ABB products
ABB is aware of vulnerabilities in the product versions listed below.
network
low complexity
abb CWE-839
7.5
2023-08-07 CVE-2023-0426 Stack-based Buffer Overflow vulnerability in ABB products
ABB is aware of vulnerabilities in the product versions listed below.
network
low complexity
abb CWE-121
7.5
2023-07-28 CVE-2023-2685 Unquoted Search Path or Element vulnerability in ABB Ao-Opc
A vulnerability was found in AO-OPC server versions mentioned above.
local
high complexity
abb CWE-428
6.3
2023-07-24 CVE-2023-3321 External Control of System or Configuration Setting vulnerability in ABB Zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.
network
low complexity
abb CWE-15
8.8
2023-07-24 CVE-2023-3322 Incorrect Permission Assignment for Critical Resource vulnerability in ABB Zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.
network
low complexity
abb CWE-732
8.1
2023-07-24 CVE-2023-3323 Incorrect Default Permissions vulnerability in ABB Zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.
network
low complexity
abb CWE-276
5.4
2023-07-24 CVE-2023-3324 Deserialization of Untrusted Data vulnerability in ABB Zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.
network
high complexity
abb CWE-502
7.5
2023-06-28 CVE-2023-2625 OS Command Injection vulnerability in ABB Txpert HUB Coretec 4 Firmware
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN.
low complexity
abb CWE-78
8.0
2023-06-13 CVE-2023-2876 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
network
low complexity
abb CWE-732
6.1
2023-06-05 CVE-2023-0635 Unspecified vulnerability in ABB products
Improper Privilege Management vulnerability in ABB Ltd.
network
low complexity
abb
critical
9.8