CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6157
https://notcve.org/view.php?id=CVE-2024-6157
10 Oct 2024 — An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 • https://search.abb.com/library/Download.aspx?DocumentID=SI20337&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11640 – Elevation of Privilege
https://notcve.org/view.php?id=CVE-2020-11640
23 Jul 2024 — AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. AdvaBuild utiliza una cola de comandos para iniciar determinadas operaciones. • https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11639 – Insufficient access control on Inter process communication,
https://notcve.org/view.php?id=CVE-2020-11639
23 Jul 2024 — An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7... • https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5402 – Mint Workbench I Unquoted Service Path Enumeration
https://notcve.org/view.php?id=CVE-2024-5402
15 Jul 2024 — Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868. Vulnerabilidad de elemento o ruta de búsqueda sin comillas en ABB Mint Workbench. Un atacante local que aprovechara con éxito esta vulnerabilidad podría obtener privilegios elevados insertando un archivo ejecuta... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 0%CPEs: 38EXPL: 1CVE-2024-6209 – unauthorized file access
https://notcve.org/view.php?id=CVE-2024-6209
05 Jul 2024 — Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <=3.08.01 ; MATRIX Series v<=3.08.01 allows Attacker to access files unauthorized Acceso no autorizado a archivos en WEB Server en ABB ASPECT - Enterprise v <=3.08.01; Serie NEXUS v <=3.08.01; MATRIX Series v<=3.08.01 permite a un atacante acceder a archivos no autorizados Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attac... • https://packetstorm.news/files/id/181802 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 0%CPEs: 38EXPL: 1CVE-2024-6298 – remote code execution
https://notcve.org/view.php?id=CVE-2024-6298
05 Jul 2024 — Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. Vulnerabilidad de validación de entrada incorrecta en ABB ASPECT-Enterprise en Linux, ABB NEXUS Series en Linux, ABB MATRIX Series en Linux permite la inclusión remota de código. Este problema afecta a ASPECT-Enterprise: hasta 3.08.01; ... • https://packetstorm.news/files/id/181803 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-4007 – Hard coded default credential contained in install package
https://notcve.org/view.php?id=CVE-2024-4007
01 Jul 2024 — Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. ABB Cylon Aspect version 3.07.01 BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet. • https://packetstorm.news/files/id/181853 • CWE-1392: Use of Default Credentials •
CVSS: 9.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-4009 – Replay Attack in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4009
05 Jun 2024 — Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System Replay Attack en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante capturar/reproducir telegramas KNX al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-4008 – FDSK Leak in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4008
05 Jun 2024 — FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System La fuga de FDSK en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante tomar el control mediante el acceso al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1914
https://notcve.org/view.php?id=CVE-2024-1914
14 May 2024 — An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 Un atacante que aprov... • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-476: NULL Pointer Dereference •