Page 12 of 130 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0

The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. La vulnerabilidad permite a un atacante con éxito omitir la comprobación de integridad del FW cargado al Punto de Acceso del Sistema free@home • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-354: Improper Validation of Integrity Check Value •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . Una vulnerabilidad en Base Software for SoftControl permite a un atacante insertar y ejecutar código arbitrario en un ordenador que ejecute el producto afectado. Este problema afecta a: • https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. Las vulnerabilidades pueden ser explotadas para causar que al componente visualization web del PLC detenerse y que no responda, conllevando a usuarios genuinos perder la visibilidad remota del estado del PLC. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. Un paquete no autenticado especialmente diseñado y enviado por un atacante a través de la red causará una vulnerabilidad de denegación de servicio (DoS). • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. En S+ Operations y S+ History, es posible que un usuario no autenticado pueda inyectar valores al servidor Operations History (o al servidor S+ History dedicado) y finalmente escribir valores en el proceso controlado • https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication •