Vulnerabilities > ABB > High

DATE CVE VULNERABILITY TITLE RISK

2020-04-29 CVE-2020-8472 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files.
Risk: local | low complexity | abb CWE-732 | 7.8

2020-04-22 CVE-2020-8477 Cross-site Scripting vulnerability in ABB 800xA Information Manager
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component.
Risk: network | low complexity | abb CWE-79 | 8.8

2020-04-22 CVE-2020-8474 Improper Privilege Management vulnerability in ABB 800xA Base System 5.1/6.0/6.0.0
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
Risk: local | low complexity | abb CWE-269 | 7.8

2020-01-14 CVE-2019-10995 Use of Hard-coded Credentials vulnerability in ABB products
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
Risk: low complexity | abb CWE-798 | 8.8

2019-12-18 CVE-2019-18997 Unspecified vulnerability in ABB PB610 Panel Builder 600 1.90.0.975/2.8.0.424
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file.
Risk: network | low complexity | abb | 7.5

2019-12-18 CVE-2019-18996 Untrusted Search Path vulnerability in ABB PB610 Panel Builder 600 1.90.0.975/2.8.0.424
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.
Risk: local | low complexity | abb CWE-426 | 7.8

2019-06-27 CVE-2019-7225 Use of Hard-coded Credentials vulnerability in ABB products
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
Risk: low complexity | abb CWE-798 | 8.8

2019-06-27 CVE-2019-7227 Path Traversal vulnerability in ABB PB610 Panel Builder 600 Firmware 1.91/2.8.0.367
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files.
Risk: low complexity | abb CWE-22 | 7.3

2019-06-27 CVE-2019-7226 Improper Authentication vulnerability in ABB PB610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions.
Risk: low complexity | abb CWE-287 | 8.8

2019-06-27 CVE-2019-7228 Use of Externally-Controlled Format String vulnerability in ABB PB610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process.
Risk: low complexity | abb CWE-134 | 8.8