Vulnerabilities > ABB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |
| 2020-12-22 | CVE-2020-24674 | Incorrect Authorization vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. | 8.8 |
| 2020-12-22 | CVE-2020-24673 | SQL Injection vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 9.8 |
| 2020-07-15 | CVE-2020-10288 | Improper Authentication vulnerability in ABB Robotware 5.09 IRC5 exposes an ftp server (port 21). | 9.8 |
| 2020-07-15 | CVE-2020-10287 | Insufficiently Protected Credentials vulnerability in ABB Irb140 Firmware and Irc5 Firmware The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. | 9.8 |
| 2020-05-29 | CVE-2020-8482 | Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0 Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 5.5 |
| 2020-04-29 | CVE-2020-8489 | Unspecified vulnerability in ABB 800Xa Information Management Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | 7.8 |
| 2020-04-29 | CVE-2020-8488 | Unspecified vulnerability in ABB 800Xa Batch Management Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | 7.8 |
| 2020-04-29 | CVE-2020-8487 | Unspecified vulnerability in ABB 800Xa Base System Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | 7.8 |
| 2020-04-29 | CVE-2020-8486 | Unspecified vulnerability in ABB 800Xa Rnrp Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | 7.8 |