CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5402 – Mint Workbench I Unquoted Service Path Enumeration
https://notcve.org/view.php?id=CVE-2024-5402
15 Jul 2024 — Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868. Vulnerabilidad de elemento o ruta de búsqueda sin comillas en ABB Mint Workbench. Un atacante local que aprovechara con éxito esta vulnerabilidad podría obtener privilegios elevados insertando un archivo ejecuta... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 1CVE-2024-6209 – unauthorized file access
https://notcve.org/view.php?id=CVE-2024-6209
05 Jul 2024 — Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <=3.08.01 ; MATRIX Series v<=3.08.01 allows Attacker to access files unauthorized Acceso no autorizado a archivos en WEB Server en ABB ASPECT - Enterprise v <=3.08.01; Serie NEXUS v <=3.08.01; MATRIX Series v<=3.08.01 permite a un atacante acceder a archivos no autorizados Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attac... • https://packetstorm.news/files/id/181802 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 7%CPEs: 38EXPL: 1CVE-2024-6298 – remote code execution
https://notcve.org/view.php?id=CVE-2024-6298
05 Jul 2024 — Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. Vulnerabilidad de validación de entrada incorrecta en ABB ASPECT-Enterprise en Linux, ABB NEXUS Series en Linux, ABB MATRIX Series en Linux permite la inclusión remota de código. Este problema afecta a ASPECT-Enterprise: hasta 3.08.01; ... • https://packetstorm.news/files/id/181803 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2024-4007 – Hard coded default credential contained in install package
https://notcve.org/view.php?id=CVE-2024-4007
01 Jul 2024 — Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. ABB Cylon Aspect version 3.07.01 BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet. • https://packetstorm.news/files/id/181853 • CWE-1392: Use of Default Credentials •
CVSS: 9.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-4009 – Replay Attack in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4009
05 Jun 2024 — Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System Replay Attack en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante capturar/reproducir telegramas KNX al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-4008 – FDSK Leak in KNX Secure Devices
https://notcve.org/view.php?id=CVE-2024-4008
05 Jun 2024 — FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System La fuga de FDSK en ABB, Busch-Jaeger, FTS Display (versión 1.00) y BCU (versión 1.3.0.33) permite al atacante tomar el control mediante el acceso al sistema de bus KNX local • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1914
https://notcve.org/view.php?id=CVE-2024-1914
14 May 2024 — An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 Un atacante que aprov... • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1913
https://notcve.org/view.php?id=CVE-2024-1913
14 May 2024 — An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 <... • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0335 – Malformed Packet Handling
https://notcve.org/view.php?id=CVE-2024-0335
03 Apr 2024 — ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. ABB ha identificado internamente una vulnerabili... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-23: Relative Path Traversal •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0CVE-2023-0426 – Stack overflow in filename or in boundary
https://notcve.org/view.php?id=CVE-2023-0426
07 Aug 2023 — ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance contro... • https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590 • CWE-121: Stack-based Buffer Overflow •