Vulnerabilities > ABB > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-05 CVE-2024-6298 Improper Validation of Specified Type of Input vulnerability in ABB products
Unauthorized file access in the web server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to execute arbitrary code remotely
network
low complexity
abb CWE-1287
critical
9.8
2023-06-05 CVE-2023-0635 Unspecified vulnerability in ABB products
Improper Privilege Management vulnerability in ABB Ltd.
network
low complexity
abb
critical
9.8
2023-06-05 CVE-2023-0636 Unspecified vulnerability in ABB products
Improper Input Validation vulnerability in ABB Ltd.
network
low complexity
abb
critical
9.8
2023-04-06 CVE-2023-0580 Insecure Storage of Sensitive Information vulnerability in ABB My Control System 5.0/5.13
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface, System Monitoring1, Asset Inventory. This issue affects My Control System (on-premise): from 5.0;0 through 5.13.
network
low complexity
abb CWE-922
critical
9.8
2023-03-27 CVE-2022-4126 Improper Authentication vulnerability in ABB Rccmd
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords. This issue affects RCCMD: before 4.40 230207.
network
low complexity
abb CWE-287
critical
9.8
2022-07-21 CVE-2022-0902 Path Traversal vulnerability in ABB products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploited this vulnerability to insert and run arbitrary code in an affected system node.
network
low complexity
abb CWE-22
critical
9.8
2022-05-10 CVE-2022-0947 Improper Initialization vulnerability in ABB products
A vulnerability in the ABB ARG600 Wireless Gateway series could allow an attacker to exploit it by remotely connecting to the serial port gateway and/or protocol converter, depending on the configuration.
network
low complexity
abb CWE-665
critical
9.8
2021-12-13 CVE-2021-22279 Missing Authentication for Critical Function vulnerability in ABB Omnicore C30 Firmware
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
network
low complexity
abb CWE-306
critical
9.8
2021-09-27 CVE-2021-22272 The vulnerability originates in the commissioning process, where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile.
network
low complexity
abb busch-jaeger
critical
9.4
2021-09-08 CVE-2020-24672 Improper Input Validation vulnerability in ABB Base Software
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product.
network
low complexity
abb CWE-20
critical
9.8