Skip to main content

Abb

136 CVEs vendor

Monthly

CVE-2025-13162 MEDIUM CISA This Month

Uncontrolled Search Path Element (DLL hijacking) in ABB Control Builder A and 800xA for Advant Master enables a local low-privileged attacker to achieve high-integrity code execution on industrial engineering workstations. Affected versions span Control Builder A through 1.4/4 and 800xA for Advant Master through 6.2.0-1, covering multiple release branches of ABB's flagship OT automation suite. No public exploit or CISA KEV listing is identified at time of analysis, limiting immediate mass-exploitation risk, though OT environments running these ICS platforms warrant targeted patching prioritization given integrity-impact severity.

Abb Information Disclosure Control Builder A 800Xa For Advant Master
NVD
CVSS 4.0
4.1
EPSS
0.1%
CVE-2025-7064 MEDIUM CISA This Month

Authentication bypass via primary weakness (CWE-305) in ABB Freelance DCS affects every major release line from 2013 through 2024, allowing a locally authenticated low-privilege user to circumvent the product's authentication mechanism and gain elevated control over the system. The CVSS vector (AV:L/PR:L/I:H) confirms the attacker must already hold a foothold on the host but can then achieve high integrity impact - particularly serious in an industrial control system context where manipulating controller configurations can affect physical processes. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the wide version span and OT deployment context elevate remediation urgency.

Authentication Bypass Abb
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-14774 HIGH CISA This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.

Abb Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-14773 HIGH CISA This Week

Stored/reflected cross-site scripting in ABB T-MAC Plus version 4.0-24 allows authenticated low-privileged attackers to inject malicious script content into the web management interface, which executes in the browsers of other users who interact with the affected pages. With a CVSS 4.0 base score of 7.2 and no public exploit identified at time of analysis, the flaw is notable because successful exploitation impacts both the vulnerable component and downstream subsequent systems with high integrity and availability consequences, reflecting the operational-technology context typical of ABB industrial products.

XSS Abb
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-14772 HIGH CISA This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.

Abb Authentication Bypass
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-14771 HIGH CISA This Week

Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Abb Path Traversal
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-13779 HIGH CISA Act Now

Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact.

Authentication Bypass Abb
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-13778 HIGH CISA Act Now

Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis.

Abb Authentication Bypass
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-13777 HIGH CISA Act Now

CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.

Authentication Bypass Abb
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-12143 MEDIUM CISA This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-10571 CRITICAL CISA This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-10504 MEDIUM CISA This Month

Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Abb
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-10207 HIGH This Month

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Abb
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2024-48851 HIGH This Month

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Abb
NVD
CVSS 4.0
7.5
EPSS
0.3%
CVE-2025-10205 HIGH This Month

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Abb
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-48842 HIGH This Week

Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.

Authentication Bypass Abb
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-8754 HIGH CISA This Week

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-9877 MEDIUM This Month

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-9876 HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3395 HIGH This Week

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-3394 HIGH This Week

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-51547 CRITICAL This Week

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-6784 HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-6516 CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-6515 HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-51555 CRITICAL Act Now

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51554 HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-51551 CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51550 CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-51549 CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51548 HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-51546 HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-51545 CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51544 HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
13.5%
CVE-2024-51543 HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51542 HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51541 HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP Information Disclosure Aspect Ent 12 Firmware +18
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48847 HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48846 HIGH POC This Week

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb CSRF Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-48845 CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-48844 HIGH POC This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.2
EPSS
0.9%
CVE-2024-48843 HIGH This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-48840 CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb RCE Aspect Ent 2 Firmware +18
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.1%
CVE-2024-48839 CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.8%
CVE-2024-11317 CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-11316 HIGH This Week

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-8036 MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-5402 MEDIUM This Month

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Mint Workbench
NVD
CVSS 4.0
6.2
EPSS
0.2%
CVE-2024-6298 CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb RCE Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
19.0%
CVE-2024-6209 CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
17.2%
CVE-2024-4007 HIGH POC This Week

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +10
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-3036 MEDIUM This Month

Improper Input Validation vulnerability in ABB 800xA Base. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Abb Denial Of Service 800Xa Base System
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-4009 HIGH This Week

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-4008 HIGH This Week

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.3%
CVE-2024-0335 HIGH This Week

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0426 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Abb Ac700F Firmware Freelance 2013 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0425 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Abb Information Disclosure Ac700F Firmware Freelance 2013 Freelance 2016 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3324 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Abb Deserialization Zenon
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3323 MEDIUM This Month

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Abb Zenon
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3322 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-3321 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2876 MEDIUM This Month

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0636 CRITICAL Act Now

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Command Injection Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0635 CRITICAL Act Now

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Abb Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-0864 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Terra Ac Wallbox Ul40 Firmware Terra Ac Wallbox 80A Firmware Terra Ac Wallbox Ul32A Firmware +5
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-0863 HIGH This Week

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Terra Ac Wallbox Ul40 Firmware Terra Ac Wallbox 80A Firmware Terra Ac Wallbox Ul32A Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-0580 CRITICAL Act Now

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure My Control System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1258 MEDIUM POC This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Flow X M Firmware Flow X C Firmware Flow X K Firmware +5
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
3.9%
CVE-2023-0228 HIGH This Week

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Symphony Plus S Operations
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-34838 HIGH This Week

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2022-34837 MEDIUM This Month

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-34836 HIGH This Week

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Zenon
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-0902 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Abb Path Traversal Command Injection Rmc 100 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
16.4%
CVE-2022-1596 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29483 HIGH PATCH This Week

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28702 MEDIUM PATCH This Month

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0947 CRITICAL Act Now

A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Arg600A1220Na Firmware Arg600A1230Na Firmware Arg600A1240Na Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22272 CRITICAL Act Now

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Mybuildings Mybusch Jaeger
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2021-35526 HIGH This Week

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager - SDM600 allows attacker to gain access to sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Sdm600 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-35529 HIGH This Week

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Authentication Bypass Counterparty Settlement And Billing Retail Operations
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-35527 HIGH This Week

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Esoms
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-27887 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Abb Ellipse Asset Performance Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27196 HIGH This Week

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-26845 HIGH This Week

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Authentication Bypass Esoms
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10287 CRITICAL Act Now

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Irb140 Firmware Irc5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8482 MEDIUM This Month

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Device Library Wizard
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8489 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Information Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8488 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Batch Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8487 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8486 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Rnrp
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 4.1
MEDIUM This Month

Uncontrolled Search Path Element (DLL hijacking) in ABB Control Builder A and 800xA for Advant Master enables a local low-privileged attacker to achieve high-integrity code execution on industrial engineering workstations. Affected versions span Control Builder A through 1.4/4 and 800xA for Advant Master through 6.2.0-1, covering multiple release branches of ABB's flagship OT automation suite. No public exploit or CISA KEV listing is identified at time of analysis, limiting immediate mass-exploitation risk, though OT environments running these ICS platforms warrant targeted patching prioritization given integrity-impact severity.

Abb Information Disclosure Control Builder A +1
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

Authentication bypass via primary weakness (CWE-305) in ABB Freelance DCS affects every major release line from 2013 through 2024, allowing a locally authenticated low-privilege user to circumvent the product's authentication mechanism and gain elevated control over the system. The CVSS vector (AV:L/PR:L/I:H) confirms the attacker must already hold a foothold on the host but can then achieve high integrity impact - particularly serious in an industrial control system context where manipulating controller configurations can affect physical processes. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the wide version span and OT deployment context elevate remediation urgency.

Authentication Bypass Abb
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.

Abb Authentication Bypass
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stored/reflected cross-site scripting in ABB T-MAC Plus version 4.0-24 allows authenticated low-privileged attackers to inject malicious script content into the web management interface, which executes in the browsers of other users who interact with the affected pages. With a CVSS 4.0 base score of 7.2 and no public exploit identified at time of analysis, the flaw is notable because successful exploitation impacts both the vulnerable component and downstream subsequent systems with high integrity and availability consequences, reflecting the operational-technology context typical of ABB industrial products.

XSS Abb
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.

Abb Authentication Bypass
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Abb Path Traversal
NVD
EPSS 0% CVSS 7.2
HIGH Act Now

Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact.

Authentication Bypass Abb
NVD VulDB
EPSS 0% CVSS 7.1
HIGH Act Now

Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis.

Abb Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.2
HIGH Act Now

CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.

Authentication Bypass Abb
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Abb
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Abb
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Abb
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Abb
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.

Authentication Bypass Abb
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
EPSS 0% CVSS 8.5
HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Aspect Ent 2 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure +19
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware +18
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 1% CVSS 9.3
CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware +18
NVD
EPSS 1% CVSS 8.7
HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 14% CVSS 8.8
HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP +20
NVD
EPSS 0% CVSS 8.8
HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware +18
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb CSRF Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force +19
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD Exploit-DB
EPSS 0% CVSS 7.6
HIGH This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb +20
NVD Exploit-DB
EPSS 3% CVSS 9.3
CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE +19
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure +19
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Mint Workbench
NVD
EPSS 19% CVSS 9.4
CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb RCE Aspect Ent 12 Firmware +18
NVD Exploit-DB
EPSS 17% CVSS 9.4
CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Path Traversal Information Disclosure +19
NVD Exploit-DB
EPSS 2% CVSS 8.7
HIGH POC This Week

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware +12
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper Input Validation vulnerability in ABB 800xA Base. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Abb Denial Of Service 800Xa Base System
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware +4
NVD
EPSS 0% CVSS 7.3
HIGH This Week

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Abb +4
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Abb Information Disclosure Ac700F Firmware +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Abb Deserialization Zenon
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Abb Zenon
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Rex640 Pcl1 Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Command Injection Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Abb Aspect Ent 2 Firmware +18
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Terra Ac Wallbox Ul40 Firmware +7
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Terra Ac Wallbox Ul40 Firmware +7
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure My Control System
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Flow X M Firmware +7
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Symphony Plus S Operations
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Zenon
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Abb Path Traversal +8
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Rex640 Pcl1 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Arg600A1220Na Firmware +23
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Mybuildings +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager - SDM600 allows attacker to gain access to sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Sdm600 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Authentication Bypass Counterparty Settlement And Billing +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Esoms
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Abb Ellipse Asset Performance Management
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Relion 670 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Authentication Bypass +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Irb140 Firmware +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Device Library Wizard
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Information Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Batch Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Rnrp
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy