
CVE-2024-1913
https://notcve.org/view.php?id=CVE-2024-1913
14 May 2024 — An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under a specific condition when a specially crafted message is processed by the system. Below are reported vulnerabilities in the RobotWare versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 <... • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write •

CVE-2024-0335 – Malformed Packet Handling
https://notcve.org/view.php?id=CVE-2024-0335
03 Apr 2024 — ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst). This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation • CWE-23: Relative Path Traversal •

CVE-2023-0426 – Stack overflow in filename or in boundary
https://notcve.org/view.php?id=CVE-2023-0426
07 Aug 2023 — ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance contro... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590 • CWE-121: Stack-based Buffer Overflow •

CVE-2023-0425 – Buffer overflow in global memory region
https://notcve.org/view.php?id=CVE-2023-0425
07 Aug 2023 — ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affec... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590 • CWE-839: Numeric Range Comparison Without Minimum Check •

CVE-2023-2685 – Unquoted Service Path in ABB AO-OPC
https://notcve.org/view.php?id=CVE-2023-2685
28 Jul 2023 — A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up an application other than the AO-OPC server by starting the service. The service might be started with system user privileges, which could cause a shift in user access privileges. Exploitation of the vulnerability is unlikely in well-maintained Windows installations since the attacker would need write access to syst... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-428: Unquoted Search Path or Element •

CVE-2023-3324 – Insecure deserialization in zenon internal DLLs
https://notcve.org/view.php?id=CVE-2023-3324
24 Jul 2023 — A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-502: Deserialization of Untrusted Data •

CVE-2023-3323 – Code Execution through overwriting project file on zenon engineering studio system
https://notcve.org/view.php?id=CVE-2023-3323
24 Jul 2023 — A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-276: Incorrect Default Permissions •

CVE-2023-3322 – Code Execution through overwriting service executable in utilities directory
https://notcve.org/view.php?id=CVE-2023-3322
24 Jul 2023 — A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-3321 – Code Execution through Writable Mosquitto Configuration File
https://notcve.org/view.php?id=CVE-2023-3321
24 Jul 2023 — A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.194142766.2067879716.1690216773-1911411808.1686627590 • CWE-15: External Control of System or Configuration Setting •

CVE-2023-2625
https://notcve.org/view.php?id=CVE-2023-2625
28 Jun 2023 — A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •