Vulnerabilities > ABB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-8471 | Incorrect Default Permissions vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. | 7.8 |
| 2020-04-29 | CVE-2020-8473 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB 800Xa Base System Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. | 7.8 |
| 2020-04-29 | CVE-2020-8472 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB products Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. | 7.8 |
| 2020-04-27 | CVE-2020-11420 | Path Traversal vulnerability in multiple products UPS Adapter CS141 before 1.90 allows Directory Traversal. | 6.5 |
| 2020-04-22 | CVE-2020-8477 | Cross-site Scripting vulnerability in ABB 800Xa Information Manager The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. | 8.8 |
| 2020-04-22 | CVE-2020-8474 | Improper Privilege Management vulnerability in ABB 800Xa Base System 5.1/6.0/6.0.0 Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | 7.8 |
| 2020-04-22 | CVE-2019-19107 | Cleartext Transmission of Sensitive Information vulnerability in multiple products The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). | 5.5 |
| 2020-04-22 | CVE-2019-19106 | Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings. | 9.1 |
| 2020-04-22 | CVE-2019-19105 | Insufficiently Protected Credentials vulnerability in multiple products The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | 5.5 |
| 2020-04-22 | CVE-2019-19104 | Missing Authentication for Critical Function vulnerability in multiple products The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. | 9.8 |