Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abb vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-24676
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
8.8
CVSSv3
CVE-2020-24677
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
8.8
CVSSv3
CVE-2020-24678
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
9.8
CVSSv3
CVE-2020-24679
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
7
CVSSv3
CVE-2020-24680
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
9.8
CVSSv3
CVE-2020-24683
The affected versions of S+ Operations (version 2.1 SP1 and previous versions) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allo...
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
9.8
CVSSv3
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present...
Abb Symphony \\+ Historian 3.0
Abb Symphony \\+ Historian 3.1
Abb Symphony \\+ Operations 1.1
Abb Symphony \\+ Operations 2.0
Abb Symphony \\+ Operations 2.1
Abb Symphony \\+ Operations 3.0
Abb Symphony \\+ Operations 3.1
Abb Symphony \\+ Operations 3.2
Abb Symphony \\+ Operations 3.3
9.8
CVSSv3
CVE-2020-10287
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running the...
Abb Irb140 Firmware -
Abb Irc5 Firmware -
9.8
CVSSv3
CVE-2020-10288
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
Abb Robotware 5.09
5.5
CVSSv3
CVE-2020-8482
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
Abb Device Library Wizard
Abb Device Library Wizard 6.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »