VYPR

Vendor CVEs

ABB

All CVEs

253 total · sorted by risk
  • CVE-2024-48841 · Critical · Jan 27, 2025
    risk 0.69 · cvss 10.0 · epss 0.04

    Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

  • CVE-2025-9574 · Critical · Oct 20, 2025
    risk 0.65 · cvss 10.0 · epss 0.01

    Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects all firmware versions with the Serial Number from 2000 to 5166.

  • CVE-2024-51555 · Critical · Dec 5, 2024
    risk 0.65 · cvss 10.0 · epss 0.00

    Default credential vulnerabilities allow access to an Aspect device using publicly available default credentials, since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; …

  • CVE-2025-14771 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2025-53187 · Critical · Aug 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function…

  • CVE-2024-48852 · Critical · Jan 29, 2025
    risk 0.64 · cvss 9.4 · epss 0.02

    Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through <= 9.3.4.

  • CVE-2024-48849 · Critical · Jan 29, 2025
    risk 0.64 · cvss 9.4 · epss 0.01

    Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

  • CVE-2018-14805 · Critical · Aug 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.

  • CVE-2017-7933 · Critical · Jun 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.

  • CVE-2017-9664 · Critical · May 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP…

  • CVE-2025-10571 · Critical · Nov 20, 2025
    risk 0.62 · cvss 9.6 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.

  • CVE-2025-30171 · Critical · May 22, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-2410 · Critical · May 22, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through…

  • CVE-2025-2409 · Critical · May 22, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-48853 · Critical · May 22, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-14772 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2025-4676 · High · Jan 7, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

  • CVE-2025-10205 · High · Sep 17, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5. and newer versions

  • CVE-2024-13967 · High · Jun 4, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.

  • CVE-2024-13955 · High · May 22, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2017-16731 · High · Dec 20, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit…

  • CVE-2024-13952 · High · May 22, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2025-13779 · High · Mar 13, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

  • CVE-2025-13777 · High · Mar 13, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

  • CVE-2025-14510 · High · Jan 16, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.

  • CVE-2025-7679 · High · Aug 11, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT

  • CVE-2025-14773 · High · Jun 3, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2021-22291 · High · Oct 7, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.

  • CVE-2025-30172 · High · May 22, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-9639 · High · May 22, 2025
    risk 0.52 · cvss 8.0 · epss 0.01

    Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2018-10616 · High · Jul 18, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.

  • CVE-2018-1168 · High · Feb 21, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…

  • CVE-2025-8754 · High · Aug 13, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Missing Authentication for Critical Function vulnerability in ABB ABB Ability™ zenon. This issue affects ABB Ability™ zenon: from 7.50 through 14.

  • CVE-2025-6073 · High · Jul 3, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can…

  • CVE-2025-6072 · High · Jul 3, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of…

  • CVE-2024-13957 · High · May 22, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    Server-Side Request Forgery (SSRF) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13951 · High · May 22, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    One-way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-0335 · High · Apr 3, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst). This issue affects Symphony Plus S+ Operations: from 3..0;0 through…

  • CVE-2019-10953 · High · Apr 17, 2019
    risk 0.49 · cvss 7.5 · epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2017-7920 · High · Aug 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access…

  • CVE-2016-4526 · High · Sep 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.00

    ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.

  • CVE-2025-14774 · High · Jun 3, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2025-9970 · High · Oct 8, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig. This issue affects MConfig: through 1.4.9.21.

  • CVE-2025-10207 · High · Sep 18, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5.

  • CVE-2024-48851 · High · Sep 18, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. Remote code execution is possible due to improper input validation. This issue affects FLXEON: through 9.3.5.

  • CVE-2024-13948 · High · May 22, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13946 · Medium · May 22, 2025
    risk 0.47 · cvss 6.8 · epss 0.01

    DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13931 · High · May 22, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-13929 · High · May 22, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-13928 · High · May 22, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

Page 1 of 6