CVSS: 6.3EPSS: 0%CPEs: 14EXPL: 0CVE-2022-26080 – Easily guessable session ID's in NE843 Pulsar Plus Controller
https://notcve.org/view.php?id=CVE-2022-26080
16 Mar 2023 — Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.256117643.1223066510.1678942947-1879524908.1677751217 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0228 – Improper authentication vulnerability in S+ Operations
https://notcve.org/view.php?id=CVE-2023-0228
02 Mar 2023 — Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA006722&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 64EXPL: 0CVE-2021-22283 – MMS File Transfer Vulnerability impact on Distribution Automation products
https://notcve.org/view.php?id=CVE-2021-22283
28 Feb 2023 — Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion pr... • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001147&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-665: Improper Initialization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1607 – Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller
https://notcve.org/view.php?id=CVE-2022-1607
24 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3573
https://notcve.org/view.php?id=CVE-2022-3573
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34838 – ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
https://notcve.org/view.php?id=CVE-2022-34838
24 Aug 2022 — Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. Una vulnerabilidad de Almacenamiento de Contraseñas en un Formato Recuperable en ABB Zenon versión 8.20, permite que un atacante que explote con éxito la vulnerabilidad pueda añadir o alterar puntos de datos y los atributos c... • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34836 – ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
https://notcve.org/view.php?id=CVE-2022-34836
24 Aug 2022 — Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. Una vulnerabilidad de Salto de Ruta Relativo en ABB Zenon versión 8.20, permite al usuario acceder a archivos en el sistema Zenon y el usuario también puede añ... • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34837 – ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control
https://notcve.org/view.php?id=CVE-2022-34837
24 Aug 2022 — Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. Una vulnerabilidad de Almacenamiento de Contraseñas en un Formato Recuperable en ABB Zenon versión 8.20, permite que un atacante que explote con éxito la vulnerabilidad pueda añadir más clientes de red que puedan monitorizar varias actividades del Zenon. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-0902 – ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access
https://notcve.org/view.php?id=CVE-2022-0902
21 Jul 2022 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. Una Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("S... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1596 – ABB Relion REX640 Insufficient file access control
https://notcve.org/view.php?id=CVE-2022-1596
21 Jun 2022 — Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. Una vulnerabilidad de Asignación incorrecta de permisos para recursos críticos en ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 permite a un atacante autenticado lanzar un ataque contra el archivo de la base de datos del usuario e intentar tomar el control de un nodo... • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421 • CWE-732: Incorrect Permission Assignment for Critical Resource •