Abb
Monthly
Uncontrolled Search Path Element (DLL hijacking) in ABB Control Builder A and 800xA for Advant Master enables a local low-privileged attacker to achieve high-integrity code execution on industrial engineering workstations. Affected versions span Control Builder A through 1.4/4 and 800xA for Advant Master through 6.2.0-1, covering multiple release branches of ABB's flagship OT automation suite. No public exploit or CISA KEV listing is identified at time of analysis, limiting immediate mass-exploitation risk, though OT environments running these ICS platforms warrant targeted patching prioritization given integrity-impact severity.
Authentication bypass via primary weakness (CWE-305) in ABB Freelance DCS affects every major release line from 2013 through 2024, allowing a locally authenticated low-privilege user to circumvent the product's authentication mechanism and gain elevated control over the system. The CVSS vector (AV:L/PR:L/I:H) confirms the attacker must already hold a foothold on the host but can then achieve high integrity impact - particularly serious in an industrial control system context where manipulating controller configurations can affect physical processes. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the wide version span and OT deployment context elevate remediation urgency.
Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.
Stored/reflected cross-site scripting in ABB T-MAC Plus version 4.0-24 allows authenticated low-privileged attackers to inject malicious script content into the web management interface, which executes in the browsers of other users who interact with the affected pages. With a CVSS 4.0 base score of 7.2 and no public exploit identified at time of analysis, the flaw is notable because successful exploitation impacts both the vulnerable component and downstream subsequent systems with high integrity and availability consequences, reflecting the operational-technology context typical of ABB industrial products.
Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.
Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact.
Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis.
CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper Input Validation vulnerability in ABB 800xA Base. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager - SDM600 allows attacker to gain access to sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled Search Path Element (DLL hijacking) in ABB Control Builder A and 800xA for Advant Master enables a local low-privileged attacker to achieve high-integrity code execution on industrial engineering workstations. Affected versions span Control Builder A through 1.4/4 and 800xA for Advant Master through 6.2.0-1, covering multiple release branches of ABB's flagship OT automation suite. No public exploit or CISA KEV listing is identified at time of analysis, limiting immediate mass-exploitation risk, though OT environments running these ICS platforms warrant targeted patching prioritization given integrity-impact severity.
Authentication bypass via primary weakness (CWE-305) in ABB Freelance DCS affects every major release line from 2013 through 2024, allowing a locally authenticated low-privilege user to circumvent the product's authentication mechanism and gain elevated control over the system. The CVSS vector (AV:L/PR:L/I:H) confirms the attacker must already hold a foothold on the host but can then achieve high integrity impact - particularly serious in an industrial control system context where manipulating controller configurations can affect physical processes. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the wide version span and OT deployment context elevate remediation urgency.
Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.
Stored/reflected cross-site scripting in ABB T-MAC Plus version 4.0-24 allows authenticated low-privileged attackers to inject malicious script content into the web management interface, which executes in the browsers of other users who interact with the affected pages. With a CVSS 4.0 base score of 7.2 and no public exploit identified at time of analysis, the flaw is notable because successful exploitation impacts both the vulnerable component and downstream subsequent systems with high integrity and availability consequences, reflecting the operational-technology context typical of ABB industrial products.
Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.
Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact.
Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis.
CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper Input Validation vulnerability in ABB 800xA Base. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager - SDM600 allows attacker to gain access to sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.