Vendor CVEs
Abb
All CVEs
253 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48841 | Cri | 0.69 | 10.0 | 0.04 | Jan 27, 2025 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. | ||
| CVE-2025-9574 | Cri | 0.65 | 10.0 | 0.01 | Oct 20, 2025 | Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166 | ||
| CVE-2024-51555 | Cri | 0.65 | 10.0 | 0.00 | Dec 5, 2024 | Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; … | ||
| CVE-2025-14771 | Cri | 0.64 | 9.9 | 0.00 | Jun 3, 2026 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||
| CVE-2025-53187 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2025 | Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function… | ||
| CVE-2024-48852 | Cri | 0.64 | 9.4 | 0.02 | Jan 29, 2025 | Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4. | ||
| CVE-2024-48849 | Cri | 0.64 | 9.4 | 0.01 | Jan 29, 2025 | Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4. | ||
| CVE-2018-14805 | Cri | 0.64 | 9.8 | 0.05 | Aug 29, 2018 | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | ||
| CVE-2017-7933 | Cri | 0.64 | 9.8 | 0.02 | Jun 6, 2018 | In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | ||
| CVE-2017-9664 | Cri | 0.64 | 9.8 | 0.03 | May 24, 2018 | In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP… | ||
| CVE-2025-10571 | Cri | 0.62 | 9.6 | 0.00 | Nov 20, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | ||
| CVE-2025-30171 | Cri | 0.59 | 9.0 | 0.00 | May 22, 2025 | System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2025-2410 | Cri | 0.59 | 9.1 | 0.00 | May 22, 2025 | Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through… | ||
| CVE-2025-2409 | Cri | 0.59 | 9.1 | 0.00 | May 22, 2025 | File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2024-48853 | Cri | 0.59 | 9.0 | 0.00 | May 22, 2025 | An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2025-14772 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||
| CVE-2025-4676 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2026 | Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | ||
| CVE-2025-10205 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2025 | Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions | ||
| CVE-2024-13967 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2025 | This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | ||
| CVE-2024-13955 | Hig | 0.57 | 8.8 | 0.00 | May 22, 2025 | 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2017-16731 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2017 | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit… | ||
| CVE-2024-13952 | Hig | 0.55 | 8.4 | 0.00 | May 22, 2025 | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2025-13779 | Hig | 0.54 | 8.3 | 0.00 | Mar 13, 2026 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | ||
| CVE-2025-13777 | Hig | 0.54 | 8.3 | 0.00 | Mar 13, 2026 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | ||
| CVE-2025-14510 | Hig | 0.53 | 8.1 | 0.00 | Jan 16, 2026 | Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120. | ||
| CVE-2025-7679 | Hig | 0.53 | 8.1 | 0.00 | Aug 11, 2025 | The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT | ||
| CVE-2025-14773 | Hig | 0.52 | 8.0 | 0.00 | Jun 3, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||
| CVE-2021-22291 | Hig | 0.52 | 8.0 | 0.00 | Oct 7, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2. | ||
| CVE-2025-30172 | Hig | 0.52 | 8.0 | 0.00 | May 22, 2025 | Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2024-9639 | Hig | 0.52 | 8.0 | 0.01 | May 22, 2025 | Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2018-10616 | Hig | 0.51 | 7.8 | 0.01 | Jul 18, 2018 | ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. | ||
| CVE-2018-1168 | Hig | 0.51 | 7.8 | 0.00 | Feb 21, 2018 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific… | ||
| CVE-2025-8754 | Hig | 0.49 | 7.5 | 0.00 | Aug 13, 2025 | Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14. | ||
| CVE-2025-6073 | Hig | 0.49 | 7.5 | 0.00 | Jul 3, 2025 | Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can… | ||
| CVE-2025-6072 | Hig | 0.49 | 7.5 | 0.00 | Jul 3, 2025 | Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of… | ||
| CVE-2024-13957 | Hig | 0.49 | 7.6 | 0.00 | May 22, 2025 | SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-13951 | Hig | 0.49 | 7.6 | 0.00 | May 22, 2025 | One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-0335 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2024 | ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through… | ||
| CVE-2019-10953 | Hig | 0.49 | 7.5 | 0.04 | Apr 17, 2019 | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. | ||
| CVE-2017-7920 | Hig | 0.49 | 7.5 | 0.03 | Aug 7, 2017 | An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access… | ||
| CVE-2016-4526 | Hig | 0.49 | 7.5 | 0.00 | Sep 19, 2016 | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | ||
| CVE-2025-14774 | Hig | 0.48 | 7.4 | 0.00 | Jun 3, 2026 | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||
| CVE-2025-9970 | Hig | 0.48 | 7.4 | 0.00 | Oct 8, 2025 | Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21. | ||
| CVE-2025-10207 | Hig | 0.47 | 7.2 | 0.00 | Sep 18, 2025 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. | ||
| CVE-2024-48851 | Hig | 0.47 | 7.2 | 0.01 | Sep 18, 2025 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5. | ||
| CVE-2024-13948 | Hig | 0.47 | 7.3 | 0.00 | May 22, 2025 | Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-13946 | Med | 0.47 | 6.8 | 0.01 | May 22, 2025 | DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2024-13931 | Hig | 0.47 | 7.2 | 0.00 | May 22, 2025 | Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2024-13929 | Hig | 0.47 | 7.2 | 0.01 | May 22, 2025 | Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2024-13928 | Hig | 0.47 | 7.2 | 0.00 | May 22, 2025 | SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. |
- risk 0.69cvss 10.0epss 0.04
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
- risk 0.65cvss 10.0epss 0.01
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166
- risk 0.65cvss 10.0epss 0.00
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; …
- risk 0.64cvss 9.9epss 0.00
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
- risk 0.64cvss 9.8epss 0.01
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function…
- risk 0.64cvss 9.4epss 0.02
Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4.
- risk 0.64cvss 9.4epss 0.01
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
- risk 0.64cvss 9.8epss 0.05
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
- risk 0.64cvss 9.8epss 0.02
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
- risk 0.64cvss 9.8epss 0.03
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP…
- risk 0.62cvss 9.6epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
- risk 0.59cvss 9.0epss 0.00
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.59cvss 9.1epss 0.00
Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through…
- risk 0.59cvss 9.1epss 0.00
File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.59cvss 9.0epss 0.00
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.57cvss 8.8epss 0.00
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
- risk 0.57cvss 8.8epss 0.00
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
- risk 0.57cvss 8.8epss 0.00
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions
- risk 0.57cvss 8.8epss 0.00
This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.
- risk 0.57cvss 8.8epss 0.00
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.57cvss 8.8epss 0.01
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit…
- risk 0.55cvss 8.4epss 0.00
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.54cvss 8.3epss 0.00
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
- risk 0.54cvss 8.3epss 0.00
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
- risk 0.53cvss 8.1epss 0.00
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.
- risk 0.53cvss 8.1epss 0.00
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT
- risk 0.52cvss 8.0epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
- risk 0.52cvss 8.0epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.
- risk 0.52cvss 8.0epss 0.00
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.52cvss 8.0epss 0.01
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.51cvss 7.8epss 0.01
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
- risk 0.51cvss 7.8epss 0.00
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…
- risk 0.49cvss 7.5epss 0.00
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.
- risk 0.49cvss 7.5epss 0.00
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can…
- risk 0.49cvss 7.5epss 0.00
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of…
- risk 0.49cvss 7.6epss 0.00
SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.49cvss 7.6epss 0.00
One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.49cvss 7.5epss 0.01
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through…
- risk 0.49cvss 7.5epss 0.04
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
- risk 0.49cvss 7.5epss 0.03
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access…
- risk 0.49cvss 7.5epss 0.00
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
- risk 0.48cvss 7.4epss 0.00
Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
- risk 0.48cvss 7.4epss 0.00
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
- risk 0.47cvss 7.2epss 0.00
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.
- risk 0.47cvss 7.2epss 0.01
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.
- risk 0.47cvss 7.3epss 0.00
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.47cvss 6.8epss 0.01
DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.47cvss 7.2epss 0.00
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.47cvss 7.2epss 0.01
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.47cvss 7.2epss 0.00
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Page 1 of 6