Vulnerabilities > ABB > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-28 CVE-2021-22283 Improper Initialization vulnerability in ABB products
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.
local
low complexity
abb CWE-665
5.5
2023-01-12 CVE-2022-3573 Cross-site Scripting vulnerability in multiple products
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.
network
low complexity
gitlab abb CWE-79
5.4
2022-08-24 CVE-2022-34837 Insufficiently Protected Credentials vulnerability in ABB Zenon
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon.
local
low complexity
abb CWE-522
6.1
2022-06-21 CVE-2022-1596 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
network
low complexity
abb CWE-732
6.5
2022-06-02 CVE-2022-28702 Incorrect Default Permissions vulnerability in ABB E-Design
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
local
low complexity
abb CWE-276
5.5
2021-10-28 CVE-2021-22278 Improper Certificate Validation vulnerability in ABB Update Manager
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
local
low complexity
abb CWE-295
6.7
2021-09-23 CVE-2021-22276 Improper Validation of Integrity Check Value vulnerability in ABB products
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
local
low complexity
abb CWE-354
5.5
2020-05-29 CVE-2020-8482 Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
local
low complexity
abb CWE-922
5.5
2020-04-27 CVE-2020-11420 Path Traversal vulnerability in multiple products
UPS Adapter CS141 before 1.90 allows Directory Traversal.
network
low complexity
abb generex CWE-22
6.5
2020-04-22 CVE-2019-19107 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
local
low complexity
abb busch-jaeger CWE-319
5.5