ABB

All CVEs

253 total · sorted by risk
  • CVE-2024-48850 · High · May 22, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    Absolute File Traversal vulnerabilities in ASPECT allow access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-9876 · High · Apr 30, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

  • CVE-2024-10334 · High · Feb 10, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA:…

  • CVE-2016-2281 · High · Mar 18, 2016
    risk 0.47 · cvss 7.2 · epss 0.00

    Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

  • CVE-2025-3465 · High · Oct 20, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10. This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12.

  • CVE-2024-48842 · High · Sep 17, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions.

  • CVE-2024-12430 · High · Jan 7, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject…

  • CVE-2025-5517 · Medium · Oct 20, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Terra AC wallbox (JP). This…

  • CVE-2025-7705 · Medium · Jul 22, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500. This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions.

  • CVE-2025-4407 · Medium · Jun 30, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Insufficient Session Expiration vulnerability in ABB Lite Panel Pro. This issue affects Lite Panel Pro: through 1.0.1.

  • CVE-2024-13956 · Medium · May 22, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13950 · Medium · May 22, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13949 · Medium · May 22, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2025-30173 · Medium · May 22, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-30169 · Medium · May 22, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-7064 · Medium · Jun 11, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.

  • CVE-2025-3756 · Medium · Apr 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing…

  • CVE-2025-13778 · Medium · Mar 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

  • CVE-2025-4677 · Medium · Jan 7, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

  • CVE-2025-4675 · Medium · Jan 7, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

  • CVE-2025-6074 · Medium · Jul 3, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to…

  • CVE-2024-51553 · Medium · May 22, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-48848 · Medium · May 22, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13954 · Medium · May 22, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2017-15583 · Medium · Oct 18, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.

  • CVE-2017-7916 · Medium · Aug 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A…

  • CVE-2016-4524 · Medium · Jun 10, 2016
    risk 0.42 · cvss 6.5 · epss 0.00

    ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.

  • CVE-2025-12143 · Medium · Nov 28, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.

  • CVE-2025-12142 · Medium · Oct 29, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.

  • CVE-2025-10504 · Medium · Sep 29, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.

  • CVE-2024-13945 · Medium · May 23, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-51552 · Medium · May 22, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13947 · Medium · May 22, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2025-7677 · Medium · Aug 11, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT.

  • CVE-2025-7745 · Medium · Jul 24, 2025
    risk 0.38 · cvss 5.8 · epss 0.00

    Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2.

  • CVE-2018-5477 · Medium · Feb 20, 2018
    risk 0.38 · cvss 5.8 · epss 0.01

    An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application…

  • CVE-2025-30170 · Medium · May 22, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX…

  • CVE-2017-14025 · Medium · Nov 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the…

  • CVE-2025-6071 · Medium · Jul 3, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through…

  • CVE-2024-6157 · Medium · Oct 10, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. This vulnerability arises under a specific condition when a specially crafted message is…

  • CVE-2024-13953 · Medium · May 22, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-13930 · Medium · May 22, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through…

  • CVE-2024-13958 · Medium · May 22, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-9877 · Medium · Apr 30, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

  • CVE-2024-12429 · Medium · Jan 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3…

  • CVE-2016-4527 · Low · Jun 10, 2016
    risk 0.21 · cvss 3.3 · epss 0.00

    ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2016-4516 · Low · Jun 10, 2016
    risk 0.21 · cvss 3.3 · epss 0.00

    ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2016-4511 · Low · Jun 10, 2016
    risk 0.18 · cvss 2.8 · epss 0.00

    ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

  • CVE-2024-47784 · Low · Apr 30, 2025
    risk 0.17 · cvss 2.6 · epss 0.00

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI. This issue affects ANC software version 1.1.4 and earlier.

  • CVE-2019-5620 · Apr 29, 2020
    risk 0.09 · cvss · epss 0.70

    ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Page 2 of 6