CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22284 – SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22284
04 Feb 2022 — Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. Una vulnerabilidad de Asignación de Permisos Incorrecta para Recursos Críticos en el Servidor OPC para AC 800M permite a un atacante ejecutar código arbitrario en el nodo que ejecuta el Servidor OPC AC800M • https://search.abb.com/library/Download.aspx?DocumentID=7PAA000908&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22285 – SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module
https://notcve.org/view.php?id=CVE-2021-22285
04 Feb 2022 — Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. Una vulnerabilidad de Manejo Inapropiado de Condiciones Excepcionales, Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el módulo ABB SPIET800 y PNI800 que permite a un atacante causar la denegación de servicio o causar que el módulo no responda • https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22288 – SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module
https://notcve.org/view.php?id=CVE-2021-22288
04 Feb 2022 — Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el módulo ABB SPIET800 y PNI800 permite a un atacante causar la denegación de servicio o causar que el módulo no responda • https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22286 – SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module
https://notcve.org/view.php?id=CVE-2021-22286
04 Feb 2022 — Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el módulo ABB SPIET800 y PNI800 permite a un atacante causar la denegación de servicio o causar que el módulo no responda • https://search.abb.com/library/Download.aspx?DocumentID=7PAA001353&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22279 – OmniCore RobotWare Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2021-22279
13 Dec 2021 — A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. Una vulnerabilidad de falta de autenticación en RobotWare para el controlador de robot OmniCore permite a un atacante leer y modificar archivos en el controlador de robot si el atacante presenta acceso al puerto Ethernet de Connected Services Gateway • https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-22278 – Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool
https://notcve.org/view.php?id=CVE-2021-22278
28 Oct 2021 — A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. Una vulnerabilidad de comprobación de certificados en PCM600 Update Manager permite a un atacante conseguir que se instalen paquetes de software no deseados en el ordenador que presenta instalado el PCM600 • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-295: Improper Certificate Validation •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22272 – ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
https://notcve.org/view.php?id=CVE-2021-22272
27 Sep 2021 — The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the a... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-22276 – free@home System Access Point FW integrity check can be bypassed.
https://notcve.org/view.php?id=CVE-2021-22276
23 Sep 2021 — The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. La vulnerabilidad permite a un atacante con éxito omitir la comprobación de integridad del FW cargado al Punto de Acceso del Sistema free@home • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24672 – ABB Base Software for SoftControl Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2020-24672
08 Sep 2021 — A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . Una vulnerabilidad en Base Software for SoftControl permite a un atacante insertar y ejecutar código arbitrario en un ordenador que ejecute el producto afectado. Este problema afecta a: • https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-24686 – AC500 V2 webserver denial of service vulnerability
https://notcve.org/view.php?id=CVE-2020-24686
26 Feb 2021 — The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. Las vulnerabilidades pueden ser e... • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-400: Uncontrolled Resource Consumption •