Filtered by vendor Abb
Subscribe
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17926 | 1 Abb | 3 Eth-fw Firmware, Fw Firmware, M2m Ethernet | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
| The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | |||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | |||||
| CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2017-7906 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. | |||||
| CVE-2018-5477 | 1 Abb | 1 Netcadops | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
| An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. | |||||
| CVE-2017-7931 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication. | |||||
| CVE-2017-9664 | 1 Abb | 4 Srea-01, Srea-01 Firmware, Srea-50 and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization. | |||||
| CVE-2017-7916 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted. | |||||
| CVE-2017-7920 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. | |||||
| CVE-2016-2281 | 1 Abb | 1 Panel Builder 800 | 2023-12-10 | 6.0 MEDIUM | 7.2 HIGH |
| Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-4516 | 1 Abb | 1 Pcm600 | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4524 | 1 Abb | 1 Pcm600 | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
| ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-4511 | 1 Abb | 1 Pcm600 | 2023-12-10 | 1.9 LOW | 2.8 LOW |
| ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. | |||||
| CVE-2016-4527 | 1 Abb | 1 Pcm600 | 2023-12-10 | 1.9 LOW | 3.3 LOW |
| ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-5430 | 1 Abb | 2 Robotstudio, Test Signal Viewer | 2023-12-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. | |||||
| CVE-2013-5021 | 2 Abb, Ni | 5 Datamanager, Labview, Labwindows and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. | |||||
| CVE-2012-1801 | 1 Abb | 7 Interlink Module, Quickteach, Robotstudio Lite and 4 more | 2023-12-10 | 7.7 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. | |||||
| CVE-2012-0245 | 1 Abb | 10 Interlink Module, Irc5 Opc Server, Pc Sdk and 7 more | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. | |||||
| CVE-2008-2474 | 1 Abb | 1 Pcu400 | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface. | |||||