Vulnerabilities > ABB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-22279 | Missing Authentication for Critical Function vulnerability in ABB Omnicore C30 Firmware A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | 9.3 |
| 2021-10-28 | CVE-2021-22278 | Improper Certificate Validation vulnerability in ABB Update Manager A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | 6.7 |
| 2021-09-27 | CVE-2021-22272 | The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. | 9.0 |
| 2021-09-23 | CVE-2021-22276 | Improper Validation of Integrity Check Value vulnerability in ABB products The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | 4.3 |
| 2021-09-08 | CVE-2020-24672 | Improper Input Validation vulnerability in ABB Base Software A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. | 6.8 |
| 2021-02-26 | CVE-2020-24686 | Resource Exhaustion vulnerability in ABB products The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. | 5.0 |
| 2021-02-09 | CVE-2020-24685 | Allocation of Resources Without Limits or Throttling vulnerability in ABB Ac500 CPU Firmware An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. | 5.0 |
| 2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 7.5 |
| 2020-12-22 | CVE-2020-24680 | Insufficiently Protected Credentials vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | 4.6 |
| 2020-12-22 | CVE-2020-24679 | Improper Input Validation vulnerability in ABB Symphony + Historian and Symphony + Operations A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. | 10.0 |