CVE-2021-22276 – free@home System Access Point FW integrity check can be bypassed.
https://notcve.org/view.php?id=CVE-2021-22276
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-354: Improper Validation of Integrity Check Value
CVE-2020-24672 – ABB Base Software for SoftControl Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2020-24672
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . • https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation; CWE-345: Insufficient Verification of Data Authenticity; CWE-862: Missing Authorization
CVE-2020-24686 – AC500 V2 webserver denial of service vulnerability
https://notcve.org/view.php?id=CVE-2020-24686
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-400: Uncontrolled Resource Consumption
CVE-2020-24685 – AC500 V2 unauthenticated crafted packet vulnerability
https://notcve.org/view.php?id=CVE-2020-24685
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling; CWE-789: Memory Allocation with Excessive Size Value
CVE-2020-24675 – Weak Authentication in Symphony Plus
https://notcve.org/view.php?id=CVE-2020-24675
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch • https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication