CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0010 – QCS 800xA Vulnerability identified in system log files
https://notcve.org/view.php?id=CVE-2022-0010
22 May 2023 — Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0... • https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2023-0864 – Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).
https://notcve.org/view.php?id=CVE-2023-0864
17 May 2023 — Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terr... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-0863 – Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,
https://notcve.org/view.php?id=CVE-2023-0863
17 May 2023 — Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra ... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0580 – Information Disclosure vulnerability in My Control System (on-premise)
https://notcve.org/view.php?id=CVE-2023-0580
06 Apr 2023 — Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. Insecure Stor... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 0CVE-2022-3192 – Improper Check for Unusual or Exceptional Conditions
https://notcve.org/view.php?id=CVE-2022-3192
31 Mar 2023 — Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6. La vulnerabilidad de validación de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulación del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la verisón 2.0.0 a la 2.8.6. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 7%CPEs: 16EXPL: 3CVE-2023-1258 – Flow-X disclosure of sensitive information to unauthenticated users
https://notcve.org/view.php?id=CVE-2023-1258
31 Mar 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0. ABB FlowX version 4.00 suffers from a sensitive information exposure vulnerability. • https://packetstorm.news/files/id/173610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4126 – Use of Default Password
https://notcve.org/view.php?id=CVE-2022-4126
27 Mar 2023 — Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. • https://search.abb.com/library/Download.aspx?DocumentID=2CMT006099_EN&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication CWE-1393: Use of Default Password •
CVSS: 6.3EPSS: 0%CPEs: 14EXPL: 0CVE-2022-26080 – Easily guessable session ID's in NE843 Pulsar Plus Controller
https://notcve.org/view.php?id=CVE-2022-26080
16 Mar 2023 — Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0228 – Improper authentication vulnerability in S+ Operations
https://notcve.org/view.php?id=CVE-2023-0228
02 Mar 2023 — Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA006722&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 64EXPL: 0CVE-2021-22283 – MMS File Transfer Vulnerability impact on Distribution Automation products
https://notcve.org/view.php?id=CVE-2021-22283
28 Feb 2023 — Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion pr... • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-665: Improper Initialization •