Vulnerabilities > ABB > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-18994 Improper Input Validation vulnerability in ABB Pb610 Panel Builder 600 1.90.0.975/2.8.0.424
Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file.
network
low complexity
abb CWE-20
6.5
2019-06-24 CVE-2019-7231 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker.
low complexity
abb CWE-119
5.7
2019-01-31 CVE-2018-17928 Improper Authentication vulnerability in ABB Cms-770 Firmware 1.7.1
The product CMS-770 (Software Versions 1.7.1 and prior) is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.
low complexity
abb CWE-287
6.5
2019-01-31 CVE-2018-17926 Improper Authentication vulnerability in ABB Eth-Fw Firmware and FW Firmware
The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.
low complexity
abb CWE-287
4.3
2019-01-03 CVE-2018-18997 Cross-site Scripting vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor's browser.
network
low complexity
abb CWE-79
6.1
2018-02-20 CVE-2018-5477 Information Exposure vulnerability in ABB Netcadops
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior.
network
low complexity
abb CWE-200
5.8
2017-08-07 CVE-2017-7916 Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.
network
low complexity
abb CWE-269
6.5
2016-06-10 CVE-2016-4524 Improper Access Control vulnerability in ABB Pcm600 2.6
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
local
low complexity
abb CWE-284
6.5