CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

ABB : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-14805 287 2018-08-29 2018-11-05
7.5
None Remote Low Not required Partial Partial Partial
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
2 CVE-2018-10616 20 2018-07-18 2018-09-14
9.3
None Remote Medium Not required Complete Complete Complete
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
3 CVE-2018-5477 200 +Info 2018-02-20 2018-03-18
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
4 CVE-2018-1168 264 Exec Code 2018-02-21 2018-03-19
7.2
None Local Low Not required Complete Complete Complete
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
5 CVE-2017-15583 200 +Info File Inclusion 2017-10-18 2017-11-08
5.0
None Remote Low Not required Partial None None
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
6 CVE-2017-14025 20 2017-11-06 2017-11-28
2.1
None Local Low Not required Partial None None
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
7 CVE-2017-9664 22 Dir. Trav. 2018-05-24 2018-07-02
5.0
None Remote Low Not required Partial None None
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
8 CVE-2017-7933 255 2018-06-06 2018-07-20
5.0
None Remote Low Not required Partial None None
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
9 CVE-2017-7931 287 2018-06-06 2018-07-20
7.5
None Remote Low Not required Partial Partial Partial
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.
10 CVE-2017-7920 287 2017-08-07 2017-08-17
5.0
None Remote Low Not required Partial None None
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.
11 CVE-2017-7916 264 +Priv 2017-08-07 2017-08-17
4.0
None Remote Low Single system Partial None None
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
12 CVE-2017-7906 352 2018-06-06 2018-07-20
6.8
None Remote Medium Not required Partial Partial Partial
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
13 CVE-2016-4527 255 +Info 2016-06-09 2016-06-15
1.9
None Local Medium Not required Partial None None
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.
14 CVE-2016-4524 284 +Info 2016-06-09 2016-06-15
2.1
None Local Low Not required Partial None None
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
15 CVE-2016-4516 200 +Info 2016-06-09 2016-06-15
2.1
None Local Low Not required Partial None None
ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.
16 CVE-2016-4511 310 +Info 2016-06-09 2016-06-17
1.9
None Local Medium Not required Partial None None
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
17 CVE-2016-2281 264 +Priv 2016-03-18 2016-03-21
6.0
None Local High Single system Complete Complete Complete
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
18 CVE-2014-5430 +Priv 2014-11-07 2014-11-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
19 CVE-2013-5021 22 Dir. Trav. 2013-08-06 2013-09-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
20 CVE-2012-1801 119 Exec Code Overflow 2012-04-18 2017-12-19
7.7
None Local Network Low Single system Complete Complete Complete
Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.
21 CVE-2012-0245 119 Exec Code Overflow 2012-03-09 2012-10-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
22 CVE-2008-2474 119 Exec Code Overflow 2008-09-29 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface.
Total number of vulnerabilities : 22   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.