CVE-2023-3322 – Code Execution through overwriting service executable in utilities directory
https://notcve.org/view.php?id=CVE-2023-3322
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-3321 – Code Execution through Writable Mosquitto Configuration File
https://notcve.org/view.php?id=CVE-2023-3321
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-15: External Control of System or Configuration Setting •
CVE-2023-2625
https://notcve.org/view.php?id=CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-2876 – Session cookie exposure for client side script
https://notcve.org/view.php?id=CVE-2023-2876
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVE-2023-0636 – Remote Code Execution via Command Injection
https://notcve.org/view.php?id=CVE-2023-0636
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1. • https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •