Vulnerabilities > ABB

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-10287 Insufficiently Protected Credentials vulnerability in ABB Irb140 Firmware and Irc5 Firmware
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals.
network
low complexity
abb CWE-522
critical
9.8
2020-05-29 CVE-2020-8482 Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
local
low complexity
abb CWE-922
5.5
2020-04-29 CVE-2020-8489 Unspecified vulnerability in ABB 800Xa Information Management
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8488 Unspecified vulnerability in ABB 800Xa Batch Management
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8487 Unspecified vulnerability in ABB 800Xa Base System
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8486 Unspecified vulnerability in ABB 800Xa Rnrp
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8485 Unspecified vulnerability in ABB 800Xa
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8484 Unspecified vulnerability in ABB 800Xa
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
local
low complexity
abb
7.8
2020-04-29 CVE-2020-8481 Insecure Storage of Sensitive Information vulnerability in ABB 800Xa System 5.1
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file.
network
low complexity
abb CWE-922
critical
9.8
2020-04-29 CVE-2020-8479 XML Injection (aka Blind XPath Injection) vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5.
network
low complexity
abb CWE-91
critical
9.8