Vulnerabilities > ABB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24678 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations An authenticated user might execute malicious code under the user context and take control of the system. | 8.8 |
| 2020-12-22 | CVE-2020-24677 | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB Symphony + Historian and Symphony + Operations Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | 8.8 |
| 2020-12-22 | CVE-2020-24676 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. | 7.8 |
| 2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |
| 2020-12-22 | CVE-2020-24674 | Incorrect Authorization vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. | 8.8 |
| 2020-12-22 | CVE-2020-24673 | SQL Injection vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 9.8 |
| 2020-07-15 | CVE-2020-10288 | Improper Authentication vulnerability in ABB Robotware 5.09 IRC5 exposes an ftp server (port 21). | 9.8 |
| 2020-07-15 | CVE-2020-10287 | Insufficiently Protected Credentials vulnerability in ABB Irb140 Firmware and Irc5 Firmware The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. | 9.8 |
| 2020-05-29 | CVE-2020-8482 | Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0 Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 5.5 |
| 2020-04-29 | CVE-2020-8489 | Unspecified vulnerability in ABB 800Xa Information Management Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | 7.8 |