Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-11420 Path Traversal vulnerability in multiple products
UPS Adapter CS141 before 1.90 allows Directory Traversal.
network
low complexity
abb generex CWE-22
6.5
2020-04-22 CVE-2020-8477 Cross-site Scripting vulnerability in ABB 800Xa Information Manager
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component.
network
low complexity
abb CWE-79
8.8
2020-04-22 CVE-2020-8474 Improper Privilege Management vulnerability in ABB 800Xa Base System 5.1/6.0/6.0.0
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
local
low complexity
abb CWE-269
7.8
2020-04-22 CVE-2019-19107 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
local
low complexity
abb busch-jaeger CWE-319
5.5
2020-04-22 CVE-2019-19106 Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
network
low complexity
abb busch-jaeger
critical
9.1
2020-04-22 CVE-2019-19105 Insufficiently Protected Credentials vulnerability in multiple products
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.
local
low complexity
abb busch-jaeger CWE-522
5.5
2020-04-22 CVE-2019-19104 Missing Authentication for Critical Function vulnerability in multiple products
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules.
network
low complexity
abb busch-jaeger CWE-306
critical
9.8
2020-01-14 CVE-2019-10995 Use of Hard-coded Credentials vulnerability in ABB products
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
low complexity
abb CWE-798
8.8
2019-12-18 CVE-2019-18997 Unspecified vulnerability in ABB Pb610 Panel Builder 600 1.90.0.975/2.8.0.424
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file.
network
low complexity
abb
7.5
2019-12-18 CVE-2019-18996 Untrusted Search Path vulnerability in ABB Pb610 Panel Builder 600 1.90.0.975/2.8.0.424
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.
local
low complexity
abb CWE-426
7.8