Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-8474 Improper Privilege Management vulnerability in ABB 800xA Base System 6.0.0
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
local
low complexity
abb CWE-269
4.6
2020-04-22 CVE-2019-19107 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
local
low complexity
abb busch-jaeger CWE-319
2.1
2020-04-22 CVE-2019-19106 Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
network
low complexity
abb busch-jaeger
6.4
2020-04-22 CVE-2019-19105 Insufficiently Protected Credentials vulnerability in multiple products
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including the credentials of existing user accounts and other configuration credentials, in plaintext.
local
low complexity
abb busch-jaeger CWE-522
2.1
2020-04-22 CVE-2019-19104 Missing Authentication for Critical Function vulnerability in multiple products
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules.
network
low complexity
abb busch-jaeger CWE-306
7.5
2020-01-14 CVE-2019-10995 Use of Hard-coded Credentials vulnerability in ABB products
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
low complexity
abb CWE-798
5.8
2019-12-18 CVE-2019-18997 Unspecified vulnerability in ABB PB610 Panel Builder 600
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file.
network
low complexity
abb
5.0
2019-12-18 CVE-2019-18996 Untrusted Search Path vulnerability in ABB PB610 Panel Builder 600 1.90.0.975/2.8.0.424
Path settings in the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system to execute code in the application’s context.
local
low complexity
abb CWE-426
7.8
2019-12-18 CVE-2019-18995 Improper Input Validation vulnerability in ABB PB610 Panel Builder 600
The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.
network
low complexity
abb CWE-20
5.0
2019-12-18 CVE-2019-18994 Improper Input Validation vulnerability in ABB PB610 Panel Builder 600
Due to a missing file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file.
network
abb CWE-20
3.5