CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9877 – Sensitive information submitted using GET method
https://notcve.org/view.php?id=CVE-2024-9877
30 Apr 2025 — : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9876 – Application is vulnerable to Privilege escalation
https://notcve.org/view.php?id=CVE-2024-9876
30 Apr 2025 — : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47784 – Unverified Password Change
https://notcve.org/view.php?id=CVE-2024-47784
30 Apr 2025 — Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. • https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-620: Unverified Password Change •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3395
https://notcve.org/view.php?id=CVE-2025-3395
30 Apr 2025 — Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-312: Cleartext Storage of Sensitive Information CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3394 – Vulnerability in user management of Automation Builder
https://notcve.org/view.php?id=CVE-2025-3394
30 Apr 2025 — Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10334 – Camera passwords stored in clear text
https://notcve.org/view.php?id=CVE-2024-10334
10 Feb 2025 — A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X. A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the v... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51547 – Credentials Disclosure - keys
https://notcve.org/view.php?id=CVE-2024-51547
06 Feb 2025 — Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 8CVE-2024-48841 – Remote Code Execution (RCE) Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-48841
27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. • https://packetstorm.news/files/id/188963 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version ... • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12430 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12430
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploi... • https://packetstorm.news/files/id/188713 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •