Vulnerabilities > ABB > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24678 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations An authenticated user might execute malicious code under the user context and take control of the system. | 8.8 |
| 2020-12-22 | CVE-2020-24677 | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB Symphony + Historian and Symphony + Operations Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | 8.8 |
| 2020-12-22 | CVE-2020-24676 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. | 7.8 |
| 2020-12-22 | CVE-2020-24674 | Incorrect Authorization vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. | 8.8 |
| 2020-04-29 | CVE-2020-8489 | Unspecified vulnerability in ABB 800Xa Information Management Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | 7.8 |
| 2020-04-29 | CVE-2020-8488 | Unspecified vulnerability in ABB 800Xa Batch Management Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | 7.8 |
| 2020-04-29 | CVE-2020-8487 | Unspecified vulnerability in ABB 800Xa Base System Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | 7.8 |
| 2020-04-29 | CVE-2020-8486 | Unspecified vulnerability in ABB 800Xa Rnrp Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | 7.8 |
| 2020-04-29 | CVE-2020-8485 | Unspecified vulnerability in ABB 800Xa Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | 7.8 |
| 2020-04-29 | CVE-2020-8484 | Unspecified vulnerability in ABB 800Xa Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | 7.8 |