Skip to main content

Abb

Vendor security scorecard – 136 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 785
136
CVEs
27
Critical
79
High
0
KEV
22
PoC
97
Unpatched C/H
8.1%
Patch Rate
1.8%
Avg EPSS

Severity Breakdown

CRITICAL
27
HIGH
79
MEDIUM
26
LOW
4

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2012-0245 Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.0%. CRITICAL 10.0 21.0% 71
CVE-2024-6209 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.4 17.2% 67
PoC No patch
CVE-2024-6298 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.4 19.0% 67
PoC No patch
CVE-2017-17888 cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.8 1.7% 66
PoC No patch
CVE-2019-7230 The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available. HIGH 8.8 3.7% 64
PoC
CVE-2019-7232 The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available. HIGH 8.8 52.1% 64
PoC
CVE-2019-7228 The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available. HIGH 8.8 3.7% 64
PoC
CVE-2019-7226 The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.8 5.3% 64
PoC No patch
CVE-2019-7225 The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.8 2.9% 64
PoC No patch
CVE-2024-4007 Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.7 1.5% 64
PoC No patch
CVE-2019-7229 The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. Public exploit code available. HIGH 8.3 1.1% 62
PoC
CVE-2019-18997 The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 1.5% 58
PoC No patch
CVE-2019-7227 In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.3 8.5% 56
PoC
CVE-2018-14805 ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.8 4.8% 49
No patch
CVE-2019-18250 In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.8 1.7% 49
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy