Abb: Security Vulnerabilities
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.
CVSS Score
8.4
EPSS Score
0.003
Published
2022-02-04
Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-04
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-04
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-13
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-10-28
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-27
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-09-23
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .
CVSS Score
9.8
EPSS Score
0.002
Published
2021-09-08
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-02-26
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
CVSS Score
8.6
EPSS Score
0.008
Published
2021-02-09