Vulnerabilities > ABB > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-18995 | Improper Input Validation vulnerability in ABB Pb610 Panel Builder 600 The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting. | 5.0 |
| 2019-06-24 | CVE-2019-7231 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367 The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. | 5.7 |
| 2019-06-24 | CVE-2019-7229 | Download of Code Without Integrity Check vulnerability in ABB products The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. | 5.4 |
| 2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 5.0 |
| 2019-02-13 | CVE-2018-19008 | Improper Input Validation vulnerability in ABB Cp400Pb Firmware The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. | 6.8 |
| 2019-01-03 | CVE-2018-18997 | Cross-site Scripting vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | 4.3 |
| 2018-06-06 | CVE-2017-7933 | Insufficiently Protected Credentials vulnerability in ABB IP Gateway Firmware In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | 5.0 |
| 2018-06-06 | CVE-2017-7906 | Cross-Site Request Forgery (CSRF) vulnerability in ABB IP Gateway Firmware In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. | 6.8 |
| 2018-05-24 | CVE-2017-9664 | Path Traversal vulnerability in ABB Srea-01 Firmware and Srea-50 Firmware In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. | 5.0 |
| 2018-02-20 | CVE-2018-5477 | Information Exposure vulnerability in ABB Netcadops 7.1/8.0/8.1 An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. | 5.0 |