CVE-2024-4009 – Replay Attack in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4009
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System Replay Attack en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante capturar/reproducir telegramas KNX al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVE-2024-4008 – FDSK Leak in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4008
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System La fuga de FDSK en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante tomar el control mediante el acceso al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-1914
https://notcve.org/view.php?id=CVE-2024-1914
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 Un atacante que aprovechara con éxito estas vulnerabilidades podría provocar que el robot se detuviera y hacer que el controlador del robot fuera inaccesible. La vulnerabilidad podría potencialmente explotarse para realizar acciones no autorizadas por parte de un atacante. Esta vulnerabilidad surge bajo una condición específica cuando el sistema procesa un mensaje especialmente manipulado. • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-476: NULL Pointer Dereference •
CVE-2024-1913
https://notcve.org/view.php?id=CVE-2024-1913
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 Un atacante que aprovechara con éxito estas vulnerabilidades podría provocar que el robot se detuviera, hacer que el controlador del robot fuera inaccesible o ejecutar código arbitrario. La vulnerabilidad podría potencialmente explotarse para realizar acciones no autorizadas por parte de un atacante. Esta vulnerabilidad surge bajo una condición específica cuando el sistema procesa un mensaje especialmente manipulado. A continuación se informan vulnerabilidades en las versiones de Robot Ware. * IRC5- RobotWare 6 < 6.15.06 excepto 6.10.10 y 6.13.07 * OmniCore- RobotWare 7 < 7.14 • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write •
CVE-2024-0335 – Malformed Packet Handling
https://notcve.org/view.php?id=CVE-2024-0335
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. ABB ha identificado internamente una vulnerabilidad en la función ABB VPNI del componente S+ Control API que puede ser utilizada por varios productos Symphony Plus (por ejemplo, S+ Operations, S+ Engineering y S+ Analyst). Este problema afecta a Symphony Plus S+ Operations: desde 3.. 0;0 a 3.3 SP1 RU4, de 2.1;0 a 2.1 SP2 RU3, de 2.0;0 a 2.0 SP6 TC6; Symphony Plus S+ Engineering: de 2.1 a 2.3 RU3; Symphony Plus S+ Analyst: desde 7.0.0.0 hasta 7.2.0.2. ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-23: Relative Path Traversal •