Vulnerabilities > ABB > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-28 | CVE-2021-22283 | Improper Initialization vulnerability in ABB products Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. | 5.5 |
| 2023-01-12 | CVE-2022-3573 | Cross-site Scripting vulnerability in multiple products An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 5.4 |
| 2022-08-24 | CVE-2022-34837 | Insufficiently Protected Credentials vulnerability in ABB Zenon Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | 6.1 |
| 2022-06-21 | CVE-2022-1596 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB products Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | 6.5 |
| 2022-06-02 | CVE-2022-28702 | Incorrect Default Permissions vulnerability in ABB E-Design Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 5.5 |
| 2021-10-28 | CVE-2021-22278 | Improper Certificate Validation vulnerability in ABB Update Manager A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | 6.7 |
| 2021-09-23 | CVE-2021-22276 | Improper Validation of Integrity Check Value vulnerability in ABB products The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | 5.5 |
| 2020-05-29 | CVE-2020-8482 | Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0 Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 5.5 |
| 2020-04-27 | CVE-2020-11420 | Path Traversal vulnerability in multiple products UPS Adapter CS141 before 1.90 allows Directory Traversal. | 6.5 |
| 2020-04-22 | CVE-2019-19107 | Cleartext Transmission of Sensitive Information vulnerability in multiple products The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). | 5.5 |