MidnightBSD

Advisories for abb

CVE-2012-0245 HIGH

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
abb pickmaster_3 -
abb webware_sdk -
abb robview_5 -
abb robotstudio -
abb irc5_opc_server -
abb pickmaster_5 -
abb interlink_module -
abb webware_server -
abb pc_sdk -
abb robot_communications_runtime *
CVE-2012-1801 HIGH

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
abb robotstudio_s4 -
abb webware_sdk -
abb robotstudio_lite -
abb quickteach -
abb interlink_module -
abb webware_server -
abb s4_opc_server -
CVE-2013-5021 HIGH

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22

Products Affected

Vendor Product Version
abb datamanager 1.0.0
ni measurementstudio *
ni teststand *
ni labview *
abb datamanager 6.3.6
ni labwindows *
CVE-2014-5430 MEDIUM

Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
abb robotstudio 5.60
abb robotstudio 5.61.01
abb test_signal_viewer 1.5
abb robotstudio 5.61
CVE-2016-2281 MEDIUM

Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
abb panel_builder_800 5.1
CVE-2016-4511 LOW

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310

Products Affected

Vendor Product Version
abb pcm600 *
CVE-2016-4516 LOW

ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
abb pcm600 *
CVE-2016-4524 LOW

ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284, CWE-310

Products Affected

Vendor Product Version
abb pcm600 *
CVE-2016-4527 LOW

ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255

Products Affected

Vendor Product Version
abb pcm600 *
CVE-2017-7906 MEDIUM

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
abb ip_gateway_firmware *
CVE-2017-7916 MEDIUM

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264, CWE-269

Products Affected

Vendor Product Version
abb vsn300_for_react_firmware 2.1.3
abb vsn300_firmware *
CVE-2017-7920 MEDIUM

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb vsn300_for_react_firmware 2.1.3
abb vsn300_firmware *
CVE-2017-7931 HIGH

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb ip_gateway_firmware *
CVE-2017-7933 MEDIUM

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522

Products Affected

Vendor Product Version
abb ip_gateway_firmware *
CVE-2017-9664 MEDIUM

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using an HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23, CWE-22

Products Affected

Vendor Product Version
abb srea-01_firmware *
abb srea-50_firmware *
CVE-2018-10616 HIGH

ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
abb panel_builder_800 -
CVE-2018-1168 HIGH

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284, CWE-732

Products Affected

Vendor Product Version
abb sys600_firmware 9.2
abb sys600_firmware 9.1.5
abb sys600_firmware 9.4
abb sys600_firmware 9.1
abb sys600_firmware 9.0
CVE-2018-17926 LOW

The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb fw_firmware *
abb eth-fw_firmware *
CVE-2018-17928 LOW

The product CMS-770 (Software Versions 1.7.1 and prior) is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb cms-770_firmware *
CVE-2018-18995 HIGH

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306

Products Affected

Vendor Product Version
abb gate-e2_firmware *
abb gate-e1_firmware *
CVE-2018-18997 MEDIUM

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor's browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
abb gate-e2_firmware *
abb gate-e1_firmware *
CVE-2018-19008 MEDIUM

The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contains a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
abb cp400pb_firmware *
CVE-2018-5477 MEDIUM

An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
abb netcadops *
abb netcadops 8.1
abb netcadops 8.0
abb netcadops 7.1
CVE-2019-10953 MEDIUM

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400, CWE-770

Products Affected

Vendor Product Version
siemens 6es7314-6eh04-0ab0_firmware -
phoenixcontact ilc_151_eth_firmware -
abb pm554-tp-eth_firmware -
wago bacnet/ip_firmware -
wago ethernet_firmware -
schneider-electric modicon_m221_firmware *
wago pfc100_firmware -
siemens 6es7211-1ae40-0xb0_firmware -
wago knx_ip_firmware -
siemens 6ed1052-1cc01-0ba8_firmware -
CVE-2019-10995 MEDIUM

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798

Products Affected

Vendor Product Version
abb cp661-web_firmware *
abb cp676-web_firmware *
abb cp661_firmware *
abb cp665-web_firmware *
abb cp665_firmware *
abb cp651-web_firmware *
abb cp651_firmware *
abb cp676_firmware *
CVE-2019-18250 HIGH

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288, CWE-287

Products Affected

Vendor Product Version
abb plant_connect *
abb power_generation_information_manager *
CVE-2019-18994 LOW

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cybersecurity@ch.abb.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L 1.3 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
abb pb610_panel_builder_600 *
CVE-2019-18995 MEDIUM

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
cybersecurity@ch.abb.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
abb pb610_panel_builder_600 *
CVE-2019-18996 MEDIUM

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-424, CWE-426

Products Affected

Vendor Product Version
abb pb610_panel_builder_600 *
CVE-2019-18997 MEDIUM

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cybersecurity@ch.abb.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-424, NVD-CWE-noinfo

Products Affected

Vendor Product Version
abb pb610_panel_builder_600 *
CVE-2019-19104 HIGH

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287, CWE-306

Products Affected

Vendor Product Version
abb tg/s3.2_firmware -
busch-jaeger 6186/11_firmware -
CVE-2019-19105 LOW

The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-256, CWE-522

Products Affected

Vendor Product Version
abb tg/s3.2_firmware -
busch-jaeger 6186/11_firmware -
CVE-2019-19106 MEDIUM

Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264, NVD-CWE-Other

Products Affected

Vendor Product Version
abb tg/s3.2_firmware -
busch-jaeger 6186/11_firmware -
CVE-2019-19107 LOW

The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-264, CWE-319

Products Affected

Vendor Product Version
abb tg/s3.2_firmware -
busch-jaeger 6186/11_firmware -
CVE-2019-7225 MEDIUM

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798

Products Affected

Vendor Product Version
abb cp630_firmware *
abb cp661-web_firmware *
abb cp661_firmware *
abb cp665-web_firmware *
abb cp665_firmware *
abb cp630-web_firmware *
abb cp651-web_firmware *
abb cp620_firmware *
abb cp635_firmware *
abb cp635-b_firmware *
abb cp635-web_firmware *
abb pb610_firmware *
abb cp620-web_firmware *
abb cp676-web_firmware *
abb cp651_firmware *
abb cp676_firmware *
CVE-2019-7226 MEDIUM

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2019-7227 MEDIUM

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2019-7228 MEDIUM

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2019-7229 MEDIUM

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494

Products Affected

Vendor Product Version
abb cp630_firmware *
abb cp635-b_firmware *
abb cp635-web_firmware *
abb cp620-web_firmware *
abb board_support_package_un31 *
abb cp630-web_firmware *
abb cp620_firmware *
abb cp635_firmware *
CVE-2019-7230 MEDIUM

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2019-7231 LOW

The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2019-7232 MEDIUM

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
abb pb610_panel_builder_600_firmware *
CVE-2020-10287 HIGH

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customers set up; however, out of our research, we found multiple production systems running these exact default credentials and thereby consider this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255, CWE-522

Products Affected

Vendor Product Version
abb irc5_firmware -
abb irb140_firmware -
CVE-2020-10288 HIGH

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284, CWE-287

Products Affected

Vendor Product Version
abb robotware 5.09
CVE-2020-11420 MEDIUM

UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but the integrity of the files is not jeopardized, as the attacker has read access rights only.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
abb cs141_firmware *
generex cs141_firmware *
CVE-2020-11639

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected, each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such a way as to allow reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
abb advabuild 3.7
abb advabuild *
CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
abb advabuild 3.7
abb advabuild *
CVE-2020-24672 MEDIUM

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345, CWE-862, CWE-20

Products Affected

Vendor Product Version
abb base_software *
CVE-2020-24673 HIGH

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24674 HIGH

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285, CWE-863

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24675 HIGH

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24676 MEDIUM

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-274, NVD-CWE-noinfo

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24677 MEDIUM

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24678 MEDIUM

An authenticated user might execute malicious code under the user context and take control of the system. The S+ Operations or S+ Historian database is affected by multiple vulnerabilities, such as the possibility for remote authenticated users to gain high privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24679 HIGH

An S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24680 MEDIUM

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,CWE-522,

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24683 HIGH

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-305,CWE-602,CWE-669,

Products Affected

Vendor Product Version
abb symphony_+_historian 3.0
abb symphony_+_operations 2.1
abb symphony_+_operations 2.0
abb symphony_+_operations 3.2
abb symphony_+_operations 1.1
abb symphony_+_operations 3.0
abb symphony_+_historian 3.1
abb symphony_+_operations 3.1
abb symphony_+_operations 3.3
CVE-2020-24685 MEDIUM

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial of service (DoS). The vulnerability allows an attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
cybersecurity@ch.abb.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,CWE-770,

Products Affected

Vendor Product Version
abb ac500_cpu_firmware *
CVE-2020-24686 MEDIUM

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to log in to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
abb pm564_firmware -
abb pm566_firmware -
abb pm556_firmware -
abb pm573_firmware -
abb pm572_firmware -
abb pm554_firmware -
CVE-2020-8471 MEDIUM

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,CWE-276,

Products Affected

Vendor Product Version
abb control_builder_safe 1.0
abb control_builder_safe 1.1
abb 800xa_system 5.1
abb compact_hmi 5.1
CVE-2020-8472 MEDIUM

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and corrupt user applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
abb control_builder_m *
abb base_software *
abb opc_server *
abb mms_server *
CVE-2020-8473 MEDIUM

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and corrupt user applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
abb 800xa_base_system *
CVE-2020-8474 MEDIUM

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,CWE-269,

Products Affected

Vendor Product Version
abb 800xa_base_system *
CVE-2020-8475 LOW

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@ch.abb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb 800xa_system 6.1
abb control_builder_safe 1.1
abb 800xa_system 6.0.3.3
abb 800xa_system 6.0
abb 800xa_system 6.0.3
abb 800xa_system 5.1
abb compact_hmi 6.0.3-2
abb control_builder_safe 1.0
abb control_builder_safe 2.0
abb 800xa_system 6.0.1
abb compact_hmi 6.0.1-1
abb compact_hmi 5.1
CVE-2020-8476 MEDIUM

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
cybersecurity@ch.abb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb 800xa_system 6.1
abb control_builder_safe 1.1
abb 800xa_system 6.0.3.3
abb 800xa_system 6.0
abb 800xa_system 6.0.3
abb 800xa_system 5.1
abb compact_hmi 6.0.3-2
abb control_builder_safe 1.0
abb control_builder_safe 2.0
abb 800xa_system 6.0.1
abb compact_hmi 6.0.1-1
abb compact_hmi 5.1
CVE-2020-8477 MEDIUM

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack against an authenticated local user, which might lead to execution of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-489,CWE-79,

Products Affected

Vendor Product Version
abb 800xa_information_manager *
abb 800xa_information_manager 5.1
abb 800xa_information_manager 6.1
CVE-2020-8478 LOW

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,CWE-74,

Products Affected

Vendor Product Version
abb base_software *
abb opc_server *
abb mms_server *
CVE-2020-8479 HIGH

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-91,CWE-91,

Products Affected

Vendor Product Version
abb control_builder_safe 1.0
abb 800xa_system 6.1
abb control_builder_safe 2.0
abb control_builder_safe 1.1
abb 800xa_system 6.0.1
abb compact_hmi 6.0.1-1
abb 800xa_system 6.0
abb 800xa_system 6.0.3
abb 800xa_system 5.1
abb compact_hmi 5.1
abb compact_hmi 6.0.3-2
CVE-2020-8481 HIGH

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-922,

Products Affected

Vendor Product Version
abb 800xa_system 5.1
CVE-2020-8482 LOW

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-922,CWE-922,

Products Affected

Vendor Product Version
abb device_library_wizard 6.1.0
abb device_library_wizard *
CVE-2020-8484 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa *
CVE-2020-8485 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa *
CVE-2020-8486 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affecting node redundancy handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa_rnrp *
CVE-2020-8487 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affecting node redundancy handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa_base_system *
CVE-2020-8488 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa_batch_management *
CVE-2020-8489 MEDIUM

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
abb 800xa_information_management *
CVE-2021-22272 HIGH

The vulnerability originates in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
busch-jaeger mybusch-jaeger *
abb mybuildings *
CVE-2021-22276 MEDIUM

The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-354,

Products Affected

Vendor Product Version
abb wl-system_access_point_127v_firmware *
abb system_access_point_2.0_firmware *
abb wl-system_access_point_firmware *
abb system_access_point_127v_firmware *
abb wl-system_access_point_2.0_firmware *
CVE-2021-22277 HIGH

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb 800xa *
abb compact_product_suite *
abb base_software *
abb control_builder_safe *
CVE-2021-22278 MEDIUM

A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer that has PCM600 installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
abb update_manager 2.2.0.1
abb update_manager 2.4.20119.2
abb update_manager 2.1
abb update_manager 2.2.0.2
abb update_manager 2.2.0.23
abb update_manager 2.1.0.4
abb update_manager *
abb update_manager 2.3.0.60
abb update_manager 2.2
abb update_manager 2.4.20041.1
CVE-2021-22279 HIGH

A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
abb omnicore_c30_firmware *
CVE-2021-22283

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
abb rec615_firmware *
abb smu615_firmware *
abb evd4_firmware *
abb rer615_firmware *
abb ref615r_firmware *
abb relion_620_ansi_firmware *
abb ref615_iec_firmware *
abb relion_615_iec_firmware *
abb relion_620_iec_firmware *
abb rer620_firmware *
abb rex640_pcl1_firmware *
abb rex640_pcl3_firmware *
abb red615_iec_firmware *
abb relion_620_cn_firmware *
abb relion_611_firmware *
abb relion_615_cn_firmware *
abb ref615_ansi_firmware *
abb rex640_pcl2_firmware *
abb relion_615_ansi_firmware *
CVE-2021-22284 MEDIUM

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
abb opc_server_for_ac_800m *
CVE-2021-22285 MEDIUM

Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-755,CWE-754,CWE-755,

Products Affected

Vendor Product Version
abb pni800_firmware *
abb spiet800_firmware *
CVE-2021-22286 MEDIUM

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb pni800_firmware *
abb spiet800_firmware *
CVE-2021-22288 MEDIUM

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb pni800_firmware *
abb spiet800_firmware *
CVE-2021-27196 MEDIUM

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
abb relion_650_firmware 1.1
hitachienergy modular_switchgear_monitoring_firmware *
abb pwc600_firmware *
abb relion_670_firmware 1.1
abb rtu500_firmware 7.0
abb rtu500_firmware 10.0
abb relion_650_firmware *
abb relion_650_firmware 1.2
abb relion_670_firmware *
abb rtu500_firmware 12.0
abb rtu500_firmware 9.0
abb relion_sam600-io_firmware *
abb rtu500_firmware 8.0
hitachienergy reb500_firmware *
abb gms600_firmware *
abb relion_650_firmware 2.1
abb rtu500_firmware 11.0
abb relion_670_firmware 2.1
abb fox615_tego1_firmware *
CVE-2021-35533 HIGH

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause a receiving RTU500 CMU on which the BCI is enabled to reboot when it receives a specially crafted message. By default, the BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@hitachienergy.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
abb rtu500_firmware 12.0
abb rtu500_firmware 12.2
abb rtu500_firmware 12.4
CVE-2022-0010

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
abb qcs_ac450_firmware 6.1.0
abb platform_engineering_tools *
abb qcs_800xa_firmware *
abb qcs_800xa_firmware 5.1.0
abb qcs_ac450_firmware *
CVE-2022-0902

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits this vulnerability to insert and run arbitrary code in an affected system node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
abb xio_firmware *
abb rmc-100_firmware *
abb rmc-100-lite_firmware *
abb xrcg5_firmware *
abb xfcg5_firmware *
abb udc_firmware *
abb uflog5_firmware *
CVE-2022-0947 MEDIUM

A vulnerability in ABB ARG600 Wireless Gateway series could allow an attacker to exploit it by remotely connecting to the serial port gateway and/or protocol converter, depending on the configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
abb arp600a2260na_firmware *
abb arr600a3261na_firmware *
abb arg600a1220na_firmware *
abb arc600a2324na_firmware *
abb arr600a3222na_firmware *
abb arp600a2200na_firmware *
abb arg600a1260na_firmware *
abb arc600a2323na_firmware *
abb arg600a1240na_firmware *
abb arp600a2651na_firmware *
abb arp600a2220na_firmware *
abb arr600a3251na_firmware *
abb arp600a2560na_firmware *
abb arr600a3201na_firmware *
abb arr600a3252na_firmware *
abb arp600a2250na_firmware *
abb arc600a2325na_firmware *
abb arg600a1230na_firmware *
abb arg600a2622na_firmware *
abb arg600a2625na_firmware *
abb arr600a3202na_firmware *
abb viola_systems_arctic_firmware *
abb arr600a3221na_firmware *
abb arr600a3262na_firmware *
CVE-2022-1596 MEDIUM

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cybersecurity@ch.abb.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
abb rex640_pcl1_firmware *
abb rex640_pcl3_firmware *
abb rex640_pcl2_firmware *
CVE-2022-1607

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@ch.abb.com 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
abb ne843_s *
abb infinity_dc_power_plant *
CVE-2022-26057 HIGH

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@ch.abb.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
abb mint_workbench *
CVE-2022-26080

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant. This issue affects Pulsar Plus System Controller NE843_S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N 2.1 4.2
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
abb h5692448_g104_firmware -
abb ne843_s_firmware -
abb h5692448_g451c(2)_firmware -
abb h5692448_g630-4_firmware -
abb h5692448_g224l_firmware -
abb h5692448_g461(2)_firmware -
abb h5692448_g842_firmware -
CVE-2022-28613 HIGH

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by a validation error in the length information carried in the MBAP header in the HCI Modbus TCP function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@hitachienergy.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1284,CWE-1284,

Products Affected

Vendor Product Version
abb rtu500_firmware *
hitachienergy rtu500_firmware *
CVE-2022-28702 MEDIUM

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
abb e-design *
CVE-2022-29483 HIGH

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
abb e-design *
CVE-2022-31216 HIGH

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
abb automation_builder *
abb mint_workbench *
abb drive_composer *
CVE-2022-31217 HIGH

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
abb automation_builder *
abb mint_workbench *
abb drive_composer *
CVE-2022-31218 HIGH

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
abb automation_builder *
abb mint_workbench *
abb drive_composer *
CVE-2022-31219 HIGH

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@ch.abb.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
abb automation_builder *
abb mint_workbench *
abb drive_composer *
CVE-2022-3192

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation. This issue affects AC500 V2: from 2.0.0 before 2.8.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
abb ac500_cpu_firmware *
CVE-2022-3353

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@hitachienergy.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hitachi itt600_sa_explorer 1.7.2
hitachi relion_650_firmware 2.2.2
hitachi relion_650_firmware 2.2.0
hitachi itt600_sa_explorer 1.1.0
hitachi itt600_sa_explorer 2.0.2
hitachi itt600_sa_explorer 2.1.0.5
abb sys600_firmware *
hitachi relion_670_firmware 2.2.1
hitachi relion_650_firmware 2.1
hitachi itt600_sa_explorer 1.5.0
hitachi itt600_sa_explorer 2.0.1
hitachi pwc600_firmware 1.0
hitachi itt600_sa_explorer 2.1.0.4
hitachi relion_650_firmware 2.2.3
hitachi pwc600_firmware 1.2
hitachi relion_670_firmware 2.2.5
hitachi itt600_sa_explorer 1.1.1
hitachi relion_650_firmware 1.3
abb rtu500_firmware 13.4.1
hitachi pwc600_firmware 1.1
hitachi relion_sam600-io_firmware 2.2.5
hitachi relion_670_firmware 2.1
hitachi gms600_firmware 1.3.0
hitachi itt600_sa_explorer 2.0.5.4
abb fox615_tego1_firmware r1d02
abb fox615_tego1_firmware r1b02
abb fox615_tego1_firmware r15b08
hitachi relion_670_firmware 2.2.2
hitachi itt600_sa_explorer 2.0.5.0
abb reb500_firmware *
hitachi relion_670_firmware 1.2
hitachi itt600_sa_explorer 1.6.0.1
abb txpert_hub_coretec_4_firmware *
abb fox615_tego1_firmware r2b16_03
hitachi relion_670_firmware 2.2.3
hitachi relion_650_firmware 2.2.5
hitachi relion_650_firmware 1.1
hitachi relion_sam600-io_firmware 2.2.1
abb fox615_tego1_firmware r2b16
hitachi itt600_sa_explorer 1.1.2
hitachi itt600_sa_explorer 2.0.4.1
hitachi relion_670_firmware 2.0
hitachi relion_670_firmware 2.2.4
hitachi itt600_sa_explorer 1.7.0
hitachi itt600_sa_explorer 1.5.1
hitachi relion_650_firmware 2.2.1
abb fox615_tego1_firmware r1e01
abb rtu500_firmware *
hitachi relion_650_firmware 2.2.4
hitachi itt600_sa_explorer 2.0.3
abb fox615_tego1_firmware r1c07
hitachi itt600_sa_explorer 1.6.0
abb modular_switchgear_monitoring_firmware *
hitachi itt600_sa_explorer 1.8.0
hitachi relion_670_firmware 2.2.0
abb txpert_hub_coretec_5_firmware 3.0.0
CVE-2022-34836

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries. An attacker who successfully exploits the vulnerability could access the Zenon runtime activities, such as the start and stop of various activities, the last error code, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 1.6 4.2
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb zenon *
CVE-2022-34837

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add more network clients that may monitor various activities of the Zenon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 1.8 4.2
cybersecurity@ch.abb.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 1.4 4.7

Products Affected

Vendor Product Version
abb zenon *
CVE-2022-34838

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.1 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.4 6.0
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 2.0 5.8

Products Affected

Vendor Product Version
abb zenon *
CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
gitlab gitlab *
abb drive_composer *
CVE-2022-4126

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords. This issue affects RCCMD: before 4.40 230207.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
abb rccmd *
CVE-2023-0228

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
abb symphony_plus_s+_operations *
abb symphony_plus_s+_operations 2.1
abb symphony_plus_s+_operations 2.2
abb symphony_plus_s+_operations 3.3
CVE-2023-0425

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
abb ac700f_firmware *
abb ac700f_firmware 9.2.0
abb freelance_2013 -
abb freelance_2016 -
abb freelance_2019 -
CVE-2023-0426

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
abb ac700f_firmware *
abb ac700f_firmware 9.2.0
abb freelance_2013 -
abb freelance_2016 -
abb freelance_2019 -
CVE-2023-0580

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface, System Monitoring, Asset Inventory. This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@ch.abb.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
abb my_control_system *
CVE-2023-0635

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation. This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2023-0636

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection. This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2023-0863

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
abb terra_ac_wallbox_jp_firmware *
abb terra_ac_wallbox_ul40_firmware *
abb terra_ac_wallbox_ce_juno_firmware *
abb terra_ac_wallbox_ce_ptb_firmware *
abb terra_ac_wallbox_ce_symbiosis_firmware *
abb terra_ac_wallbox_80a_firmware *
abb terra_ac_wallbox_ul32a_firmware *
abb terra_ac_wallbox_ce_mid_firmware *
CVE-2023-0864

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
abb terra_ac_wallbox_jp_firmware *
abb terra_ac_wallbox_ul40_firmware *
abb terra_ac_wallbox_ce_juno_firmware *
abb terra_ac_wallbox_ce_ptb_firmware *
abb terra_ac_wallbox_ce_symbiosis_firmware *
abb terra_ac_wallbox_80a_firmware *
abb terra_ac_wallbox_ul32a_firmware *
abb terra_ac_wallbox_ce_mid_firmware *
CVE-2023-1258

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting. This issue affects Flow-X: before 4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cybersecurity@ch.abb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
abb flow-x/s_firmware *
abb flow-x/c_firmware *
abb flow-x/t_firmware *
abb flow-x/m_firmware *
abb flow-x/web_firmware *
abb flow-x/k_firmware *
abb flow-x/p_firmware *
abb flow-x_r_firmware *
CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4 and has any level of access from VIEWER to ADMIN. To exploit the vulnerability, the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@hitachienergy.com 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
abb txpert_hub_coretec_4_firmware *
CVE-2023-2685

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

Products Affected

Vendor Product Version
abb ao-opc *
CVE-2023-2876

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
abb rex640_pcl1_firmware *
abb rex640_pcl3_firmware *
abb rex640_pcl2_firmware *
CVE-2023-3321

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
abb zenon *
CVE-2023-3322

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
abb zenon *
CVE-2023-3323

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H 0.4 5.5

Products Affected

Vendor Product Version
abb zenon *
CVE-2023-3324

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H 0.8 5.5

Products Affected

Vendor Product Version
abb zenon *
CVE-2024-11316

Filesize Check vulnerabilities allow a malicious user to bypass size limits or overload the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-11317

Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 3.9 5.8

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-1913

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under a specific condition when a specially crafted message is processed by the system. Below are reported vulnerabilities in the RobotWare versions. * IRC5 - RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore - RobotWare 7 < 7.14

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
abb robotware *
CVE-2024-1914

An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under a specific condition when a specially crafted message is processed by the system. Below are reported vulnerabilities in the RobotWare versions. * IRC5 - RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore - RobotWare 7 < 7.14

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
abb robotware *
CVE-2024-3036

Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
abb 800xa_base_system *
CVE-2024-4007

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows an attacker to log in to wrongly configured product instances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
abb nexus-2128_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-4008

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to take control via access to the local KNX Bus-System.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
abb 2tma310011b0002_firmware *
abb 2tma310011b0001_firmware *
abb 2tma310010b0001_firmware *
abb 2tma310011b0003_firmware *
abb 2tma310010b0003_firmware *
CVE-2024-4009

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to capture/replay KNX telegrams to the local KNX Bus-System.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.2 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
abb 2tma310011b0002_firmware *
abb 2tma310011b0001_firmware *
abb 2tma310010b0001_firmware *
abb 2tma310011b0003_firmware *
abb 2tma310010b0003_firmware *
CVE-2024-48839

Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48840

Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48843

Denial of Service vulnerabilities were found, providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 1.8 5.3

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48844

Denial of Service vulnerabilities were found, providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 1.8 5.3

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48845

Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48846

Cross Site Request Forgery vulnerabilities were found, providing a potential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.8 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-48847

MD5 Checksum Bypass vulnerabilities were found, exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51541

Local File Inclusion vulnerabilities allow access to sensitive system information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51542

Configuration Download vulnerabilities allow access to dependency configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51543

Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51544

Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51545

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51546

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51547

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51548

Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51549

Absolute File Traversal vulnerabilities allow access to and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51550

Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51551

Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-51554

Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 3.1 5.3

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-5402

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
abb mint_workbench *
CVE-2024-6209

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to access files without authorization.

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-6298

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to execute arbitrary code remotely.

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding, providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-6516

Cross Site Scripting vulnerabilities were found, providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L 2.3 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2024-6784

Server-Side Request Forgery vulnerabilities were found, providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
abb nexus-264-f_firmware *
abb nexus-2128_firmware *
abb nexus-2128-g_firmware *
abb nexus-2128-f_firmware *
abb nexus-2128-a_firmware *
abb nexus-3-264_firmware *
abb matrix-11_firmware *
abb aspect-ent-256_firmware *
abb aspect-ent-96_firmware *
abb matrix-264_firmware *
abb nexus-264-g_firmware *
abb nexus-3-2128_firmware *
abb aspect-ent-2_firmware *
abb aspect-ent-12_firmware *
abb nexus-264-a_firmware *
abb matrix-232_firmware *
abb matrix-216_firmware *
abb matrix-296_firmware *
abb nexus-264_firmware *
CVE-2025-3394

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@ch.abb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
abb automation_builder *
CVE-2025-3395

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@ch.abb.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
abb automation_builder *