Vulnerabilities > ABB > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-29 | CVE-2020-8482 | Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0 Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 2.1 |
| 2020-04-29 | CVE-2020-8478 | Injection vulnerability in ABB Base Software, MMS Server and OPC Server Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. | 2.1 |
| 2020-04-22 | CVE-2019-19105 | Insufficiently Protected Credentials vulnerability in multiple products The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | 2.1 |
| 2020-04-22 | CVE-2019-19107 | Cleartext Transmission of Sensitive Information vulnerability in multiple products The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). | 2.1 |
| 2019-12-18 | CVE-2019-18994 | Improper Input Validation vulnerability in ABB Pb610 Panel Builder 600 Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. | 3.5 |
| 2019-01-31 | CVE-2018-17928 | Improper Authentication vulnerability in ABB Cms-770 Firmware The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | 3.3 |
| 2019-01-31 | CVE-2018-17926 | Improper Authentication vulnerability in ABB Eth-Fw Firmware and FW Firmware The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | 3.3 |
| 2016-06-10 | CVE-2016-4511 | Cryptographic Issues vulnerability in ABB Pcm600 ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. | 1.9 |
| 2016-06-10 | CVE-2016-4516 | Information Exposure vulnerability in ABB Pcm600 ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |
| 2016-06-10 | CVE-2016-4524 | Improper Access Control vulnerability in ABB Pcm600 ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | 2.1 |