Abb: Security Vulnerabilities
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the
command queue can use it to launch an attack by running any executable on the AdvaBuild node. The
executables that can be run are not limited to AdvaBuild specific executables.
Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-07-23
An attacker could exploit the vulnerability by
injecting garbage data or specially crafted data. Depending on the data injected each process might be
affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing
the product to store wrong information or act on wrong data or display wrong information.
This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
For an attack to be successful, the attacker must have local access to a node in the system and be able to
start a specially crafted application that disrupts the communication.
An attacker who successfully exploited the vulnerability would be able to manipulate the data in such
way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300
and AdvaBuild to crash.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-23
Unquoted Search Path or Element vulnerability in ABB Mint Workbench.
A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
This issue affects Mint Workbench I versions: from 5866 before 5868.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-15
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to access files unauthorized
CVSS Score
9.4
EPSS Score
0.428
Published
2024-07-05
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to execute arbitrary code remotely
CVSS Score
9.4
EPSS Score
0.259
Published
2024-07-05
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
CVSS Score
8.7
EPSS Score
0.072
Published
2024-07-01
Improper Input Validation vulnerability in ABB 800xA Base.
An attacker who successfully exploited this
vulnerability could cause services to crash by sending specifically crafted messages.
This issue affects 800xA Base: from 6.0.0 through 6.1.1-2.
CVSS Score
6.9
EPSS Score
0.001
Published
2024-06-21
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System
CVSS Score
7.3
EPSS Score
0.002
Published
2024-06-05
Replay Attack
in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System
CVSS Score
7.3
EPSS Score
0.001
Published
2024-06-05
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.
The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.
Below are reported vulnerabilities in the Robot Ware versions.
* IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07
* OmniCore- RobotWare 7 < 7.14
CVSS Score
6.5
EPSS Score
0.005
Published
2024-05-14